CN106817352A - Broadcasting packet encryption method and device - Google Patents

Broadcasting packet encryption method and device Download PDF

Info

Publication number
CN106817352A
CN106817352A CN201510863047.5A CN201510863047A CN106817352A CN 106817352 A CN106817352 A CN 106817352A CN 201510863047 A CN201510863047 A CN 201510863047A CN 106817352 A CN106817352 A CN 106817352A
Authority
CN
China
Prior art keywords
message
key
olt
onu
broadcasting packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510863047.5A
Other languages
Chinese (zh)
Inventor
张剑英
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sanechips Technology Co Ltd
Shenzhen ZTE Microelectronics Technology Co Ltd
Original Assignee
Shenzhen ZTE Microelectronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen ZTE Microelectronics Technology Co Ltd filed Critical Shenzhen ZTE Microelectronics Technology Co Ltd
Priority to CN201510863047.5A priority Critical patent/CN106817352A/en
Priority to PCT/CN2016/098281 priority patent/WO2017092465A1/en
Publication of CN106817352A publication Critical patent/CN106817352A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/601Broadcast encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a kind of broadcasting packet encryption method, OLT and ONU, methods described includes:Optical line terminal OLT determines specified broadcasting packet to be encrypted;The specified broadcasting packet is encrypted, broadcast enciphering message is formed;The broadcast enciphering message is sent to optical network unit ONU.

Description

Broadcasting packet encryption method and device
Technical field
The present invention relates to optical communication field, more particularly to a kind of broadcasting packet encryption method and device.
Background technology
As shown in figure 1, in Ethernet passive optical network (Ethernet Passive Optical Network, letter Claiming EPON system includes optical line terminal (Optical Line Terminal, abbreviation OLT), optical distribution Network (Optical Distribution Network, ODN) and optical network unit (Optical Network Unit, Abbreviation ONU).The OLT and optical signal transmission can be carried out between ONU;And from OLT to ONU Sendaisle be referred to as down going channel, the data of transmission are downlink data.ODN is used in OLT and ONU Between optical channel is provided.
As shown in figure 1, an optical line terminal can be connected by optical splitter with multiple optical network units.If OLT is transferred to if the downlink data of ONU do not encrypt, and ONU may eavesdrop other ONU information, In order to avoid the appearance of such case, it is necessary to take encryption for downlink data, to prevent ONU between information Leakage.
Some methods being encrypted to downlink data are proposed in currently available technology, but actually used When, still find that there are some information still to be stolen by other ONU causes the leakage of information.
The content of the invention
In view of this, the embodiment of the present invention is expected to provide broadcasting packet encryption method and device, being capable of at least portion Decompose the problem of information leakage of determining.
To reach above-mentioned purpose, the technical proposal of the invention is realized in this way:
Embodiment of the present invention first aspect provides a kind of broadcasting packet encryption method, and methods described includes:
Optical line terminal OLT determines specified broadcasting packet to be encrypted;
The specified broadcasting packet is encrypted, broadcast enciphering message is formed;
The broadcast enciphering message is sent to optical network unit ONU.
Based on such scheme, methods described also includes:
The OLT and ONU consults encryption key, determines encryption key and cipher key index;
It is described that the specified broadcasting packet is encrypted, broadcast enciphering message is formed, including:
The part to be encrypted of the specified broadcasting packet is encrypted using the encryption key, and will be described Cipher key index carries the clear portion in the specified broadcasting packet, forms the broadcast enciphering message;
Wherein, the cipher key index determines the encryption key for the ONU.
Based on such scheme, the OLT and ONU consults encryption key, determines encryption key and key rope Draw, including:
Secret key request message is sent to the ONU for receiving the broadcast enciphering message;
After the secret key request message is sent, start the first timing;
In the timing time of first timing, receive the ONU and returned based on the secret key request message The response message for returning;
The encryption key is extracted from the response message.
Based on such scheme, the OLT and ONU consults encryption key, determines encryption key and key rope Draw, also include:
If the first timing time-out does not receive the response message also or do not extract encryption key, weigh Newly send the secret key request message.
Based on such scheme, the optical line terminal OLT determines specified broadcasting packet to be encrypted, including:
The lead code and command code opcode fields of analytic message, obtain parsing information;
Determine whether the message is specified message to be encrypted according to the parsing information.
Based on such scheme, methods described also includes:
Detection broadcast enciphering enables switch;
It is described that the specified broadcasting packet is encrypted, broadcast enciphering message is formed, including:
If the broadcast enciphering enables switch and is in enabled state, the specified broadcasting packet is encrypted, Form broadcast enciphering message.
Embodiment of the present invention second aspect provides a kind of broadcasting packet encryption method, and methods described includes:
ONU and OLT consults encryption key, determines encryption key and cipher key index;
Store the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
Based on such scheme, methods described also includes:
Receive the broadcast enciphering message that OLT sends;
The clear portion of the broadcast enciphering message is parsed, cipher key index is determined;
Encryption key is inquired about according to the cipher key index;
Cipher text part based on broadcast enciphering message described in the encryption key decryption.
The embodiment of the present invention third aspect provides a kind of optical line terminal OLT, and the OLT includes:
First determining unit, for determining specified broadcasting packet to be encrypted;
Unit is formed, for being encrypted to the specified broadcasting packet, broadcast enciphering message is formed;
First transmitting element, for sending the broadcast enciphering message to optical network unit ONU.
Based on such scheme, the OLT also includes:
First negotiation element, encryption key is consulted for OLT and ONU, determines encryption key and key rope Draw;
The formation unit, specifically for utilizing the encryption key to the to be encrypted of the specified broadcasting packet Part is encrypted, and the cipher key index is carried into the clear portion in the specified broadcasting packet, is formed The broadcast enciphering message;
Wherein, the cipher key index determines the encryption key for the ONU.
Based on such scheme, first transmitting element is additionally operable to the reception broadcast enciphering message ONU sends secret key request message;After the secret key request message is sent, start the first timing;
The OLT also includes:
First receiving unit, is based on in the timing time of first timing, receiving the ONU The response message that the secret key request message is returned;
First negotiation element, specifically for extracting the encryption key from the response message.
Based on such scheme, first transmitting element, if be additionally operable to the first timing time-out not receiving also To the response message or encryption key is not extracted, then resend the secret key request message.
Based on such scheme, first determining unit, specifically for the lead code and command code of analytic message Opcode fields, obtain parsing information;And determine whether the message is to be encrypted according to the parsing information Specified message.
Based on such scheme, the OLT also includes:
Detection unit, for detecting that broadcast enciphering enables switch;
The formation unit, if enabling switch specifically for the broadcast enciphering is in enabled state, to institute State specified broadcasting packet to be encrypted, form broadcast enciphering message.
Embodiment of the present invention fourth aspect provides a kind of optical network unit ONU, and the ONU includes:
Second negotiation element, for consulting encryption key with OLT, determines encryption key and cipher key index;
Memory cell, for storing the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
Based on such scheme, the ONU also includes:
Second receiving unit, the broadcast enciphering message for receiving OLT transmissions;
Resolution unit, the clear portion for parsing the broadcast enciphering message, determines cipher key index;
Query unit, for inquiring about encryption key according to the cipher key index;
Decryption unit, for the cipher text part based on broadcast enciphering message described in the encryption key decryption.
Broadcasting packet encryption method provided in an embodiment of the present invention and device, can determine whether out specifying for needs encryption Broadcasting packet, is then encrypted to form broadcast enciphering message to broadcasting packet, and OLT sends to ONU Broadcast enciphering message, so avoids after ONU receives broadcasting packet, to cause broadcasting packet to be stolen And information leakage, increase the difficulty of information leakage, improve Information Security.
Brief description of the drawings
Fig. 1 is a kind of structural representation of EPON system;
Fig. 2 is the schematic flow sheet of the first broadcasting packet encryption method provided in an embodiment of the present invention;
Fig. 3 is the schematic flow sheet of second broadcasting packet encryption method provided in an embodiment of the present invention;
Fig. 4 is the schematic flow sheet of the third broadcasting packet encryption method provided in an embodiment of the present invention;
Fig. 5 is the schematic flow sheet of the 4th kind of broadcasting packet encryption method provided in an embodiment of the present invention;
Fig. 6 is a kind of structural representation of OLT provided in an embodiment of the present invention;
Fig. 7 is a kind of structural representation of ONU provided in an embodiment of the present invention;
Fig. 8 is the part-structure schematic diagram of message provided in an embodiment of the present invention;
Fig. 9 is the schematic flow sheet of AES encryption provided in an embodiment of the present invention;
Figure 10 is that the comparison of the data frame before and after utilization triple stirring encryption provided in an embodiment of the present invention is illustrated Figure;
Figure 11 is encrypted key exchange flow signal in triple stirring ciphering process provided in an embodiment of the present invention Figure.
Specific embodiment
Research finds that optical line terminal is sent to the data of optical network unit can all take various cipher modes to enter Row encrypted transmission.But only common unicast and multi-cast business data are encrypted, not specifically designed for broadcast number According to encryption, and some broadcast datas are caused to be stolen and revealed by illegal ONU.In view of this, this implementation Example provides a kind of broadcasting packet encryption method, and specified broadcasting packet to be encrypted is encrypted, and improves letter Breath security.Technical scheme is done further below in conjunction with Figure of description and specific embodiment Elaborate.
Embodiment one:
As shown in Fig. 2 the present embodiment provides a kind of broadcasting packet encryption method, the method includes:
Step S110:Optical line terminal OLT determines specified broadcasting packet to be encrypted;
Step S120:The specified broadcasting packet is encrypted, broadcast enciphering message is formed;
Step S130:The broadcast enciphering message is sent to optical network unit ONU.
Before the OLT sends downlink data in the present embodiment, if the downlink data for sending is reported for broadcast Text, it will determine whether it is the specified broadcasting packet for needing encryption.Here specified broadcasting packet can be specified The broadcasting packet of type.It is specific to register broadcasting packet and non-registered broadcasting packet as broadcasting packet be divided into; The specified broadcasting packet can be non-registered broadcasting packet.Such as, the OLT receives indicator, The indicator encrypts some broadcasting packet, and this specifies the broadcasting packet to be encrypted to be the specified broadcast Message.Certainly when implementing, the body part of the broadcasting packet can be also parsed, according to body part The security requirement of content, determines whether corresponding broadcasting packet is the specified broadcasting packet.
Broadcast enciphering message will be formed to specifying broadcasting packet to be encrypted in the step s 120, like this, Be just that other ONU steal the broadcasting packet, no key cannot also obtain broadcasting packet it is interior perhaps Steal the difficulty increase of the content of broadcasting packet.The broadcasting packet is encrypted and can wrapped in the step s 120 Include all encryption or Partial encryption.Here Partial encryption can be that the partial content only to broadcasting packet is added Close, such as the packet header not to broadcasting packet is encrypted, and the text only to broadcasting packet is encrypted.Institute State and all be encrypted as being encrypted whole broadcasting packet.
The broadcast enciphering message that will be formed after encryption in step s 130 is sent to ONU, and transmission here can ONU is issued to by ODN.
Broadcasting packet encryption method described in the present embodiment, the information between OLT and ONU that not only increases is passed Defeated security, reduces information leakage, also with realizing easy the characteristics of.
As shown in figure 3, in the present embodiment, methods described also includes:
Step S101:The OLT and ONU consults encryption key, determines encryption key and cipher key index;
The step S120 may include:Using the encryption key to the compact part to be added of the specified broadcasting packet Divide and be encrypted, and the cipher key index is carried into the clear portion in the specified broadcasting packet, form institute State broadcast enciphering message;Wherein, the cipher key index determines the encryption key for the ONU.
The OLT can be assisted with needing the ONU for receiving the broadcasting packet to be encrypted key in the present embodiment Business, like this, OLT and corresponding ONU will determine encryption key, facilitate follow-up ONU to broadcast The decryption of encrypted message.In implementation process, an encryption key can be determined by the OLT, issued To ONU, it is also possible to which ONU determines an encryption key, is sent to OLT.But in this implementation In order to avoid other ONU steal encryption key in example, it is usually preferred to be to determine encryption key by ONU, OLT is sent to by up optical channel.A cipher key index, this key are also can determine whether in the present embodiment After index facilitates ONU to receive the broadcast enciphering message, from the clear portion of broadcast enciphering message Extract, and then determine the encryption key.Here the cipher key index equally can be described What ONU the determines, or OLT determined, preferably described cipher key index in the present embodiment Determined by the side for forming the encryption key.
The clear portion of the cipher key index is carried in the present embodiment, it may include before in message middle wrapping head Leading code.For example, the cipher key index can be represented using the partial bit in the 5th of lead code the byte; Specifically such as, the cipher key index is represented using last 2 bits in the 5th byte.
In a word, the present embodiment methods described, OLT can be encrypted the negotiation of key with ONU in advance, from And encryption key and cipher key index are determined, to facilitate the decryption of subsequent broadcast encrypted message.
Certainly during concrete implementation, the OLT and ONU can pre-set multiple encryption keys, Subsequently when holding consultation, it is only necessary to consult the corresponding cipher key index of encryption key.It is in the present embodiment Further improving information safety, the encryption key is dynamic life for OLT and ONU wherein one end Into, rather than selected from the key that multiple pre-sets.
Further, the step S101 may include:
Secret key request message is sent to the ONU for receiving the broadcast enciphering message;
After the secret key request message is sent, start the first timer;
In the timing time of first timer, receive the ONU and be based on the secret key request message The response message of return;
The encryption key is extracted from the response message.
The secret key request message may correspond to a key request frame, such as described OLT in the present embodiment By to receive correspondence broadcasting packet ONU send a key request frame, ONU receive it is described close A key notification frame for carrying encryption key can be recovered after key claim frame as the response message.This Sample OLT can just be extracted from the response message and be carried out the encryption key of broadcasting packet encryption.Usual institute Stating also includes cipher key index in response message, and cipher key index here can be sequence number of the key etc..
In the present embodiment, after the OLT has sent the secret key request message, can start timer is carried out Timing starts counter and is counted to carry out timing, if described in OLT receives in the first timing time Response message, represents and this time consults successfully;So the ineffectiveness of key agreement is defined, it is to avoid Ignore the safety issue of ageing caused encryption key in cipher key agreement process.
Further, the step S101 also includes:If the first timing time-out does not receive the sound also Answer message or do not extract encryption key, the response message is not received also, then resend the key Request message.If current OLT has the data to need to send, the OLT can also be first in the present embodiment When timing is overtime or does not extract encryption key, the secret key request message is resend, it is close to re-start Key is consulted to ensure the normal transmission of broadcasting packet.
Certainly currently ONU may be broken down during concrete implementation, even if continuing to send described close Key request message is not also used, and can cause OLT loads excessive on the contrary;Like this, in the present embodiment may be used To specify predetermined number of times, if the continuous number of times consulted exceedes predetermined number of times, stop sending the key request Message stops failing in the transmission key negotiation request message, or output key agreement after specifying duration Etc. prompt message.
In the present embodiment, the step S110 may include:
Step S111:The lead code and command code opcode fields of analytic message, obtain parsing information;
Step S112:Determine whether the message is specified message to be encrypted according to the parsing information.
The step S111 may include:The lead code of broadcasting packet is parsed, the pattern in the lead code is extracted Position and LLID;According to the mode bit and/or LLID, determine the message whether be Broadcasting packet.
Message can be divided into broadcasting packet, unicast message and multicast message.Message can be divided into packet header and text two again Individual part, in messages including lead code, destination address (Destination Address, DA), source address The information such as (Sources Address, SA) and type field.Include two LLIDs in lead code (Logic Link Identification, LLID) field.Usual each LLID includes 8 bits;From And two LLID fields totally 16 bits, the most significant bit of this 16 bit is the mode bit, afterwards 15 Individual bit is the LLID for recording the broadcasting packet.If the mode bit is under normal conditions 1, the message is represented for broadcasting packet, if latter 15 are all 1 and also illustrate that the message is broadcasting packet.
Step S112 is the content in the parsing opcode fields, determines whether the broadcasting packet is not The logon message that can be encrypted.For example, the content of the opcode fields is 02,04,05,06 When, generally represent this broadcasting packet for logon message, here 02,04,05,06 it is corresponding be 16 System number.If therefore in step S112 the content of opcode fields be not 16 systems 02,04,05 and When 06, then the broadcasting packet can be as the specified broadcasting packet to be encrypted.
Used as further improvement of this embodiment, broadcasting packet is not encrypted under normal circumstances, only at some Under special screne, such as when some ONU are carried out with the treatment such as broadcasting packet transmitting-receiving test, may only need Broadcasting packet is sent to specific ONU.It is more preferable compatible in order to be carried out with prior art in the present embodiment Individual, methods described also includes in the present embodiment:Detection broadcast enciphering enables switch;The step S120 Including:If the broadcast enciphering enables switch and is in enabled state, the specified broadcasting packet is added It is close, form broadcast enciphering message.Switch can be enabled for OLT configures an encryption in advance in the present embodiment, If being currently needed for sending the broadcasting packet of needs encryption, the broadcast enciphering is enabled into switch in enable shape State, like this, can just trigger the OLT and perform above-mentioned steps S110 to step S130.The broadcast The default conditions that encryption enables switch are non-enabled state, and under non-enabled state, the OLT will not be to wide Text is reported to be encrypted.
Have various to the mode for specifying broadcasting packet to be encrypted in the step S130, two kinds presented below can Select mode.
The first:The specified message is carried out Advanced Encryption Standard (Advanced Encryption Standard, Abbreviation AES) encryption.AES encryption is a kind of cipher mode based on block encryption standard, in the present embodiment In the encryption unit graduation of encryption can will be needed to be divided into multiple blocks in specified broadcasting packet, for example, by encryption unit Continuously distributed 128 data in point are divided into a block, using the encryption key pair that length is 128 Each block is encrypted.
Second:
Agitation encryption is carried out to specified broadcasting packet using stir-key, for example, using stir-key to described Specified broadcasting packet carries out triple stirring encryption.Agitation is encrypted as upsetting in needs encryption using stir-key Hold, so that the information after agitation encryption shows out of order property, so ONU without stir-key is Just the message is stolen, also will be considered that it is a nonsensical mess code message.In the present embodiment in order to carry Cipher round results are risen, the security of broadcasting packet is lifted, is chosen as using triple stirring in the present embodiment, it is right Specified broadcasting packet carries out the agitation encryption of at least three times.
In a word, a kind of broadcasting packet encryption method is present embodiments provided, the wide of encryption can be needed to part Report text to be encrypted, improve the Information Security of broadcasting packet, reduce the leakage of information.
Embodiment two:
As shown in figure 4, the present embodiment provides a kind of broadcasting packet encryption method, methods described includes:
Step S210:ONU and OLT consults encryption key, determines encryption key and cipher key index;
Step S220:Store the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
Broadcasting packet encryption method described in the present embodiment is the method being applied in ONU, and the OUN can be with OLT carries out the negotiation of the encryption key of broadcasting packet encryption, determines encryption key and cipher key index.In step When will store the encryption key and cipher key index, so subsequently received broadcast enciphering message in rapid S220, The encryption key can be found using the cipher key index, and using wide described in the encryption key decryption Broadcast encrypted message;The phenomenon that broadcasting packet is stolen by other incoherent ONU can so be reduced.
It is worth noting that:Before step S220 described in the present embodiment is likely to occur in the step S210, For example, ONU has prestored multiple encryption keys and the corresponding cipher key index of encryption key, step is being performed During S210, the ONU selected from the encryption key and cipher key index that prestore one group as with OLT This carries out the encryption key and cipher key index of broadcasting packet interaction.Therefore the step S210 in the present embodiment Can be as shown in Figure 4 with the execution sequence of step S220, it is also possible to before being step S220, step S210 Rear.
As shown in figure 5, used as further improvement of this embodiment, methods described also includes:
Step S230:Receive the broadcast enciphering message that OLT sends;
Step S240:The clear portion of the broadcast enciphering message is parsed, cipher key index is determined;
Step S250:Encryption key is inquired about according to the cipher key index;
Step S260:Cipher text part based on broadcast enciphering message described in the encryption key decryption.
ONU receives broadcast enciphering message in the present embodiment, parses the clear portion of broadcast enciphering message, Here clear portion may include lead code.The field of the cipher key index is carried by parsing lead code, is obtained To the cipher key index, and then corresponding encryption key is found using cipher key index, finally perform step S260 decodes the cipher text part of the broadcast enciphering message using the encryption key;With the spy for realizing simplicity Point.It is worth noting that:If the cipher mode of broadcast enciphering message is symmetric cryptography in step S260, The encryption key i.e. decruption key, can be directly using the encryption key to the broadcast enciphering report Text is decoded.If the cipher mode of the broadcast enciphering message is asymmetric encryption, the encryption key To that there should be decruption key, then need to determine the decruption key according to the encryption key, using decruption key Carry out the secret broadcast enciphering message.
Embodiment three:
As shown in fig. 6, the embodiment of the present invention provides a kind of optical line terminal OLT, the OLT includes:
First determining unit 110, for determining specified broadcasting packet to be encrypted;
Unit 120 is formed, for being encrypted to the specified broadcasting packet, broadcast enciphering message is formed;
First transmitting element 130, for sending the broadcast enciphering message to optical network unit ONU.
The present embodiment provides a kind of OLT, and the OLT includes first determining unit 110, forms unit 120 With the first transmitting element 130.First determining unit 110 and the formation unit 120 may both correspond to Processor or process circuit in the OLT, the processor may include central processing unit, application processor, Microprocessor, digital signal processor or programmable array.The processor or process circuit are referred to by execution Determine code, realize first determining unit 110 and the function of forming unit 120.
First transmitting element 130 corresponds to the light transmission interface of the OLT, for example, corresponding to described OLT can be used in for the OUN sending encrypted message to the descending transmission interface of ONU sending signals.
The OLT can be encrypted to the broadcasting packet for needing encryption in the present embodiment, it is to avoid need not connect Other ONU for receiving the broadcasting packet reveal the information content of the broadcasting packet, lift the security of information.
Further, the OLT also includes:First negotiation element, encryption is consulted for OLT and ONU Key, determines encryption key and cipher key index;The formation unit 120, specifically for utilizing the encryption Key is encrypted to the part to be encrypted of the specified broadcasting packet, and the cipher key index is carried in institute The clear portion of specified broadcasting packet is stated, the broadcast enciphering message is formed;Wherein, the cipher key index is used Determine the encryption key in the ONU.First negotiation element may correspond to communication interface or treatment Device, can operate by with many information exchanges of OUN and information analysis extraction etc., determine the encryption Key and cipher key index.In the present embodiment by the setting of the first negotiation element, can be negotiated with easy Encryption key such that it is able to facilitate broadcast enciphering message described in ONU subsequent decryptions.
Further, first transmitting element 130, is additionally operable to the ONU for receiving the broadcast enciphering message Send secret key request message;After the secret key request message is sent, start the first timing;
The OLT also includes:
First receiving unit, is based on in the timing time of first timing, receiving the ONU The response message that the secret key request message is returned;
First negotiation element, specifically for extracting the encryption key from the response message.
First receiving unit may include the downlink reception interface of OLT, can be used in receiving institute from ONU State response message.In the present embodiment, it is also provided with the first timing, it is to avoid because negotiation time is long caused Various information security sex chromosome mosaicisms, information security sex chromosome mosaicism here may include that encryption key is compromised.
In the present embodiment, first transmitting element 130, if being additionally operable to the first timing time-out also not Receive the response message or do not extract encryption key, then resend the secret key request message. Of course for the smooth transmission for ensureing broadcasting packet in the present embodiment, if occur above-mentioned three kinds of situations at least its One of when, the secret key request message will be resend.When implementing, first transmitting element 130 number of times for sending the secret key request message to same ONU just stop after reaching predetermined number of times, Or transmission is spaced after stopping a period of time, or warning message for consulting failure etc. is sent to upper layer device.
Specifically, first determining unit 110, specifically for the lead code and command code of analytic message Opcode fields, obtain parsing information;And determine whether the message is to be encrypted according to the parsing information Specified message.Mode bit that the lead code is mentioned in previous embodiment and LLID etc. are believed Breath, can determine that whether the message for being currently needed for sending is broadcasting packet according to lead code, according to the opcode The content of field can determine that whether specified broadcasting packet to be encrypted, with simple structure and realize easy Feature.
Further, the OLT also includes:
Detection unit, for detecting that broadcast enciphering enables switch;
The formation unit 120, if enabling switch specifically for the broadcast enciphering is in enabled state, The specified broadcasting packet is encrypted, broadcast enciphering message is formed.
The detection unit may correspond to processor or process circuit in the present embodiment, can detect described Whether the field that the expression broadcast enciphering in OLT is enabled is set to correspond to specifying for the enabled state It is worth to determine that the broadcast enciphering enables the state of switch.Certainly this is a kind of realization, concrete implementation Structure is also various, is not limited to above-mentioned realize structure.
By the setting of detection unit, the detection of the state of switch is enabled to broadcast enciphering by detection unit, Can with it is compatible well in the prior art, by default the broadcast enciphering enable switch it is usually non- Enabled state, to avoid the transmission of the most of broadcasting packets that need not be encrypted of influence.
Example IV:
As shown in fig. 7, the present embodiment provides a kind of optical network unit ONU, the ONU includes:
Second negotiation element 210, for consulting encryption key with OLT, determines encryption key and cipher key index;
Memory cell 220, for storing the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
The second negotiation element 210 may correspond to the optical communication interface in the ONU and place described in the present embodiment Reason device or process circuit etc., information exchange is carried out using optical communication interface and OLT, is determined by information exchange Go out cipher key index and cipher key index.For example, the encryption key that will be determined using the optical communication interface and close At least one of key index, is sent to the OLT.The ONU can also including memory cell 220 Various storage mediums in corresponding to the ONU, can be used to store the encryption key and cipher key index.
In a word, ONU described in the present embodiment can assist OLT to determine to add by the negotiation between OLT Key, facilitates OLT to be encrypted to broadcasting packet to be encrypted using the encryption key, to improve broadcast The Information Security of message.
Further, the ONU also includes:
Second receiving unit, the broadcast enciphering message for receiving OLT transmissions;
Resolution unit, the clear portion for parsing the broadcast enciphering message, determines cipher key index;
Query unit, for inquiring about encryption key according to the cipher key index;
Decryption unit, for the cipher text part based on broadcast enciphering message described in the encryption key decryption.
The optic communication that second receiving unit described in the present embodiment may correspond to that optic communication can be carried out with OLT connects Mouthful, can be from OLT receive informations, such as described broadcast enciphering message.The broadcast in the present embodiment adds Secret report text may include clear portion and cipher text part;The information of need for confidentiality is located in embodiments of the present invention In the cipher text part.The clear portion may include the information such as the lead code of message.The cipher key index Positioned at the clear portion.Therefore resolution unit can be decrypted to clear portion in the present embodiment, institute is obtained Cipher key index is stated, encryption key is being determined according to cipher key index, so that based on wide described in encryption key decryption The encryption part of encrypted message is broadcast, so that the message content of the original broadcast message after being decrypted, realizes The encryption interaction of broadcasting packet, is prevented from the leakage of information, improves the security of information.
An example is provided below in conjunction with above-mentioned any embodiment:
This example provides a kind of broadcasting packet encryption system, and the system can be to be applied in OLT and ONU System, including:Broadcasting service bag discriminating unit, interactive unit, lead code modification unit, AES encryption list Unit and triple stirring ciphering unit.
Using above-mentioned broadcasting packet encryption system, perform broadcasting packet encryption and comprise the following steps:
The first step:;Using broadcast (Broadcast) business packet discriminating unit, the discriminating of broadcast packet is completed. In EPON system, it is possible to use the content of LLID and mode bit determines corresponding message Whether it is broadcasting packet.If usual mode bit value is 1, represent that the message is broadcasting packet;Or, When each bit of LLID is 1, represent that the message is broadcasting packet.Fig. 8 is the portion of message Point schematic diagram, message includes lead code, destination address da field, source address sa field, length/ The fields such as type field, OP-code fields;The also field such as data area does not show in fig. 8.Institute Stating lead code includes reserved field 1, reserved field 2, SFD (Start of Packet Delimiter, SPD) field, the LLID of two byte lengths and check (CRC) field.Message
Second step:Using interactive unit, it is determined whether be encrypted and the various encryption parameters such as cipher mode. The step specifically may include:When new broadcast data packet header is received, according to the broadcast being pre-configured with Encryption enables switch, decides whether to apply for encryption key.In this example, broadcasting packet cipher key index is used Direct register is configured, if broadcast enciphering switch is in enabled state, directly inquiry is directly deposited The cipher key index of device configuration, judges whether to need encryption and cipher mode according to cipher key index.In this example Cipher mode may include AES encryption and triple stirring encryption.
3rd step:Lead code changes unit, according to the treatment of cipher key interaction unit above, decides whether Modification lead code is (lead code modification unit), and after encryption key is applied for, broadcast enciphering makes switch State still keeps enabling effectively, then the low 2bit of the 5th byte in lead code is changed into 1 and key rope Draw, and amended lead code is verified, generate check value.For example, being done to amended lead code Cyclic check, generates cyclic check value.
4th step:Encryption enable and cipher mode according to second step, are encrypted.The encryption side Formula may include AES encryption and triple stirring encryption.AES encryption is introduced individually below and triple is stirred Move implementing for encryption.
When carrying out AES encryption using AES encryption unit, the data that will be encrypted carry out being divided into one Multiple data blocks, each of which data block includes 128 bits.As shown in figure 9, will split what is formed Data block as input block, with encryption key together as the input of encryption logic, by AES encryption Afterwards, the IOB after encryption will be formed.The bit number that usual IOB includes includes with the input block Bit number is identical.Next, IOB is carried out into XOR with rear 16 byte of corresponding Plaintext block, Obtain completing the ciphertext of AES encryption.
The AES encryption unit is also used in final determination encryption key;Specifically such as may include:
1) OLT sends KEY_ASSIGN message.Include 16 in the KEY_ASSIGN message Initial value, first key activationary time, 128 initial keys in encryption input value.Here KEY_ASSIGN message corresponds to the secret key request message in previous embodiment.
2) while OLT sends KEY_ASSIGN message, a time-out counter is started.
3) receive ONU and send KEY_RESPONSE message.In the KEY_RESPONSE message Key after being updated containing 128, and the second key activation time.Here KEY_RESPONSE Message corresponds to the response message in previous embodiment.
4) if the time-out counter of OLT is represented and had timed, out, KEY_RESPONSE is not received also, Or judge that OLT and ONU consults to lose based on first key activationary time and the second key activation time Lose and do not extract encryption key, just restart cipher key interaction process.First key activationary time is sent out for OLT The timestamp of KEY_ASSIGN message is sent, the second key activation time was transmission KEY_RESPONSE The timestamp of message, according to the two timestamps, it becomes possible to determine propagation delay time, if propagation delay time is big In preset time delay, such words, it is believed that consult failure.
128 initial keys that OLT sends can form the key after 128 renewals as the ONU Initial value.128 initial key and 128 update after key can also it doesn't matter completely, Described in embodiment 128 update after key to be used in previous embodiment encrypting specified broadcasting packet Encryption key.
6th step:Triple stirring ciphering unit is encrypted for triple stirring.In triple stirring ciphering process, OLT proposes key updating requirement, and ONU provides 3 byte stir-keys, and OLT uses this stir-key Complete agitation encryption.After agitation encryption is enabled, to all of data frame of non-registered broadcasting packet and OAM Frame is stirred.This non-registered broadcasting packet is to correspond to foregoing specified broadcasting packet.
Stir-key is ONU by 3 byte datas of extraction in uplink user data and 3 byte random numbers Or the result being added.
The 5th byte in lead code realizes key synchronization as the identification field that stir-key is indexed. The form before broadcast data frame agitation encryption and the form after agitation encryption are shown in Fig. 10.In figure The data frame before agitation encryption shown in 10 includes lead code and other data existed with plaintext version. 2 LLID fields of byte length in lead code, be stored with mode bit and logic chain in the field Line, and two long be 2 reserved fields of byte 1 and reserved field 2.After encryption is stirred Data frame in, with the addition of encrypted indexes in latter byte of the reserved field 2 of code of registering.And stirring In the data of dynamic encryption, agitation encryption is carried out to data agitation stirring section using stir-key.
The data stirring section shown in Figure 10 may include destination address da field, source address sa field, Length/type field and data area and FCS fields.The FCS is Frame Check Sequence Abbreviation, be check field;Can utilize and preserve the verification datas such as the cyclic check code of the data frame.FCS The verification data of middle storage can be used to verify the data of data area memory storage.In lead code circulation The check code of check code crc field storage, can be used for the verification to lead code store data inside.
Key updating is by new key claim frame (new_key_request) and key notification frame (new_churning_key) realize.OLT sends the new key asked including new key to ONU Claim frame, sequence number of the claim frame comprising the current key for being used for descending encryption.Here new key Claim frame is equivalent to secret key request message in previous embodiment.
ONU is received and is produced after new key claim frame the sequence number of new stir-key, the stir-key can be Binary system sequence number, In-use_Key_Index bytes are most in being thought received new key claim frame Binary complement code of low level.
ONU sends new key notification frame to OLT, and new key index field is included in new key notification frame With new stir-key field.Usual new key index field includes cipher key index, and data length is 1 word Section, new stir-key field includes stir-key, and data length is 3 bytes.New key sequence index word The value of the lowest order of section (New_Key_Index) is indexed for new key, and remaining bits value can be set to Designated value, designated value here can be 0 or 1.Here new key notification frame can be equivalent to foregoing implementation The response message returned based on secret key request message in example.
After OLT receives new key notification frame, it is possible to subsequent frame is stirred using new stir-key Encryption.Key synchronization realizes by the 2nd byte in the reserved field 2 in each frame, as long as ONU is received in the agitation frame of OLT transmissions, and cipher key index Key_Index can be in new key notification frame Cipher key number, then ONU carry out solution agitation using new key.2nd word of the reserved field 2 Be can be set in section has Flag and encrypted indexes;The Flag may include 1 bit, represent current message Whether encryption is had, such as when the content of the bit is 0 expression unencryption, when the bit is 1 expression encryption. The index informations such as the key label of encryption key that the corresponding bit of the encrypted indexes is represented.
OLT has a timer key_update_timer, for the control key update cycle.When this is fixed When device time-out, OLT then starts above-mentioned key updating process.OLT uses another timer Churning_Timer is used for conduct and starts next secondary key in the case where that cannot obtain key updating frame condition more The mechanism of new request, to increase the reliability of key updating.Here timer Churning_Timer Equivalent to the timer for carrying out timing in previous embodiment to the first timing.
When OLT sends new key claim frame every time, start timer Churning_Timer.Work as OLT The correct new key notification frame that ONU sends is have received before Churning_Timer time-out, then OLT Enable new key carries out agitation encryption as stir-key, and Churning_Timer is resetted.
OLT then recognizes still without new key notification frame is received after timer Churning_Timer time-out For cipher key interaction fails, Churning_Timer is resetted;And the new key of an OLT transmission new rounds please Seek frame.
Before new key is successfully interacted, ONU still uses original key, and will be close by OLT The information reporting of key interaction failure is to webmaster.If after the continuous 3 transmissions new key claim frames of OLT still So key updating frame cannot be received before Churning_Timer time-out, then OLT should be to network management alarm. Downlink business is still stirred using old key.Key updating cycle TkeyAnd timer The value of Churning_Timer can configure.TkeyDefault value be 10s.Key updating and synchronizing process.
Figure 11 provides the schematic flow sheet that stir-key interaction is carried out between OLT and ONU, including:
OLT is in a key updating cycle TkeyNew key is sent in time to ONU to ask.
After ONU receives new key request, stir-key 0 is returned to OLT.
OLT receives stir-key 0.
OLT carries out agitation encryption using stir-key 0.
ONU is follow-up after broadcast enciphering message is received, can be using the solution agitation encryption of stir-key 0.
OLT is in next TkeyIn time, new key request is sent.
After OLT ONU receive new key request, stir-key 1 is returned to OLT.
OLT carries out agitation encryption using stir-key 1.
ONU is follow-up after broadcast enciphering message is received, can be using the solution agitation encryption of stir-key 1.
In several embodiments provided herein, it should be understood that disclosed apparatus and method, Can realize by another way.Apparatus embodiments described above are only schematical, for example, The division of the unit, only a kind of division of logic function, can there is other division when actually realizing Mode, such as:Multiple units or component can be combined, or be desirably integrated into another system, or some are special Levying to ignore, or does not perform.In addition, the coupling each other of shown or discussed each part, Or direct-coupling or communication connection can be the INDIRECT COUPLINGs or logical of equipment or unit by some interfaces Letter connection, can be electrical, machinery or other forms.
It is above-mentioned as separating component illustrate unit can be or may not be it is physically separate, make For the part that unit shows can be or may not be physical location, you can with positioned at a place, Can also be distributed on multiple NEs;Can according to the actual needs select therein part or all of Unit realizes the purpose of this embodiment scheme.
In addition, each functional unit in various embodiments of the present invention can be fully integrated into a processing module In, or each unit individually as a unit, it is also possible to two or more unit collection Into in a unit;Above-mentioned integrated unit can both be realized in the form of hardware, it would however also be possible to employ Hardware adds the form of SFU software functional unit to realize.
One of ordinary skill in the art will appreciate that:Realize all or part of step of above method embodiment Can be completed by the related hardware of programmed instruction, foregoing program can be stored in a computer-readable Take in storage medium, the program upon execution, performs the step of including above method embodiment;And it is foregoing Storage medium include:Movable storage device, read-only storage (ROM, Read-Only Memory), Random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various Can be with the medium of store program codes.
The above, specific embodiment only of the invention, but protection scope of the present invention do not limit to In this, any one skilled in the art the invention discloses technical scope in, can be easily Expect change or replacement, should all be included within the scope of the present invention.Therefore, protection of the invention Scope should be based on the protection scope of the described claims.

Claims (16)

1. a kind of broadcasting packet encryption method, it is characterised in that methods described includes:
Optical line terminal OLT determines specified broadcasting packet to be encrypted;
The specified broadcasting packet is encrypted, broadcast enciphering message is formed;
The broadcast enciphering message is sent to optical network unit ONU.
2. method according to claim 1, it is characterised in that
Methods described also includes:
The OLT and ONU consults encryption key, determines encryption key and cipher key index;
It is described that the specified broadcasting packet is encrypted, broadcast enciphering message is formed, including:
The part to be encrypted of the specified broadcasting packet is encrypted using the encryption key, and will be described Cipher key index carries the clear portion in the specified broadcasting packet, forms the broadcast enciphering message;
Wherein, the cipher key index determines the encryption key for the ONU.
3. method according to claim 2, it is characterised in that
The OLT and ONU consults encryption key, determines encryption key and cipher key index, including:
Secret key request message is sent to the ONU for receiving the broadcast enciphering message;
After the secret key request message is sent, start the first timing;
In the timing time of first timing, receive the ONU and returned based on the secret key request message The response message for returning;
The encryption key is extracted from the response message.
4. method according to claim 3, it is characterised in that
The OLT and ONU consults encryption key, determines encryption key and cipher key index, also includes:
If the first timing time-out does not receive the response message also or do not extract encryption key, weigh Newly send the secret key request message.
5. method according to claim 1, it is characterised in that
The optical line terminal OLT determines specified broadcasting packet to be encrypted, including:
The lead code and command code opcode fields of analytic message, obtain parsing information;
Determine whether the message is specified message to be encrypted according to the parsing information.
6. the method according to any one of claim 1 to 5, it is characterised in that
Methods described also includes:
Detection broadcast enciphering enables switch;
It is described that the specified broadcasting packet is encrypted, broadcast enciphering message is formed, including:
If the broadcast enciphering enables switch and is in enabled state, the specified broadcasting packet is encrypted, Form broadcast enciphering message.
7. a kind of broadcasting packet encryption method, it is characterised in that methods described includes:
ONU and OLT consults encryption key, determines encryption key and cipher key index;
Store the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
8. method according to claim 7, it is characterised in that
Methods described also includes:
Receive the broadcast enciphering message that OLT sends;
The clear portion of the broadcast enciphering message is parsed, cipher key index is determined;
Encryption key is inquired about according to the cipher key index;
Cipher text part based on broadcast enciphering message described in the encryption key decryption.
9. a kind of optical line terminal OLT, it is characterised in that the OLT includes:
First determining unit, for determining specified broadcasting packet to be encrypted;
Unit is formed, for being encrypted to the specified broadcasting packet, broadcast enciphering message is formed;
First transmitting element, for sending the broadcast enciphering message to optical network unit ONU.
10. OLT according to claim 9, it is characterised in that
The OLT also includes:
First negotiation element, encryption key is consulted for OLT and ONU, determines encryption key and key rope Draw;
The formation unit, specifically for utilizing the encryption key to the to be encrypted of the specified broadcasting packet Part is encrypted, and the cipher key index is carried into the clear portion in the specified broadcasting packet, is formed The broadcast enciphering message;
Wherein, the cipher key index determines the encryption key for the ONU.
11. OLT according to claim 10, it is characterised in that
First transmitting element, being additionally operable to please to the ONU transmission keys for receiving the broadcast enciphering message Seek message;After the secret key request message is sent, start the first timing;
The OLT also includes:
First receiving unit, is based on in the timing time of first timing, receiving the ONU The response message that the secret key request message is returned;
First negotiation element, specifically for extracting the encryption key from the response message.
12. OLT according to claim 11, it is characterised in that
First transmitting element, if being additionally operable to the first timing time-out does not receive the response message also Or do not extract encryption key, then resend the secret key request message.
13. OLT according to claim 9, it is characterised in that
First determining unit, lead code and command code opcode fields specifically for analytic message, obtains Information must be parsed;And determine whether the message is specified message to be encrypted according to the parsing information.
14. OLT according to any one of claim 9 to 13, it is characterised in that
The OLT also includes:
Detection unit, for detecting that broadcast enciphering enables switch;
The formation unit, if enabling switch specifically for the broadcast enciphering is in enabled state, to institute State specified broadcasting packet to be encrypted, form broadcast enciphering message.
15. a kind of optical network unit ONUs, it is characterised in that the ONU includes:
Second negotiation element, for consulting encryption key with OLT, determines encryption key and cipher key index;
Memory cell, for storing the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
16. ONU according to claim 15, it is characterised in that
The ONU also includes:
Second receiving unit, the broadcast enciphering message for receiving OLT transmissions;
Resolution unit, the clear portion for parsing the broadcast enciphering message, determines cipher key index;
Query unit, for inquiring about encryption key according to the cipher key index;
Decryption unit, for the cipher text part based on broadcast enciphering message described in the encryption key decryption.
CN201510863047.5A 2015-11-30 2015-11-30 Broadcasting packet encryption method and device Pending CN106817352A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510863047.5A CN106817352A (en) 2015-11-30 2015-11-30 Broadcasting packet encryption method and device
PCT/CN2016/098281 WO2017092465A1 (en) 2015-11-30 2016-09-07 Broadcast packet encryption method, olt, onu, and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510863047.5A CN106817352A (en) 2015-11-30 2015-11-30 Broadcasting packet encryption method and device

Publications (1)

Publication Number Publication Date
CN106817352A true CN106817352A (en) 2017-06-09

Family

ID=58796211

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510863047.5A Pending CN106817352A (en) 2015-11-30 2015-11-30 Broadcasting packet encryption method and device

Country Status (2)

Country Link
CN (1) CN106817352A (en)
WO (1) WO2017092465A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108777678A (en) * 2018-05-18 2018-11-09 北京邮电大学 A kind of netkey interactive system, device and method
CN109583238A (en) * 2018-11-29 2019-04-05 中国电子科技集团公司第四十七研究所 Instruction pipeline stream encipher-decipher method
WO2021056464A1 (en) * 2019-09-27 2021-04-01 华为技术有限公司 Data safety processing method and communication apparatus
CN112751709A (en) * 2020-12-29 2021-05-04 北京浪潮数据技术有限公司 Management method, device and system of storage cluster

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111935181B (en) * 2020-09-25 2021-01-26 北京天御云安科技有限公司 Method for realizing uninterrupted service of key switching under full-secret condition
CN114268412B (en) * 2021-11-18 2023-10-13 岚图汽车科技有限公司 Vehicle communication method, device, storage medium and equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1897500A (en) * 2006-05-11 2007-01-17 中国电信股份有限公司 Stir-key updating synchronization for Ethernet non-light source network system
CN101072094A (en) * 2006-05-14 2007-11-14 华为技术有限公司 Key agreement method and system for PON system
CN101183934A (en) * 2007-10-23 2008-05-21 中兴通讯股份有限公司 Cipher key updating method in passive optical network
CN101388806A (en) * 2007-09-12 2009-03-18 中兴通讯股份有限公司 Cipher consistency detection method and apparatus

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1897500A (en) * 2006-05-11 2007-01-17 中国电信股份有限公司 Stir-key updating synchronization for Ethernet non-light source network system
CN101072094A (en) * 2006-05-14 2007-11-14 华为技术有限公司 Key agreement method and system for PON system
CN101388806A (en) * 2007-09-12 2009-03-18 中兴通讯股份有限公司 Cipher consistency detection method and apparatus
CN101183934A (en) * 2007-10-23 2008-05-21 中兴通讯股份有限公司 Cipher key updating method in passive optical network

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108777678A (en) * 2018-05-18 2018-11-09 北京邮电大学 A kind of netkey interactive system, device and method
CN108777678B (en) * 2018-05-18 2020-12-11 北京邮电大学 Network key interaction system, device and method
CN109583238A (en) * 2018-11-29 2019-04-05 中国电子科技集团公司第四十七研究所 Instruction pipeline stream encipher-decipher method
WO2021056464A1 (en) * 2019-09-27 2021-04-01 华为技术有限公司 Data safety processing method and communication apparatus
CN112751709A (en) * 2020-12-29 2021-05-04 北京浪潮数据技术有限公司 Management method, device and system of storage cluster
CN112751709B (en) * 2020-12-29 2023-01-10 北京浪潮数据技术有限公司 Management method, device and system of storage cluster

Also Published As

Publication number Publication date
WO2017092465A1 (en) 2017-06-08

Similar Documents

Publication Publication Date Title
CN106817352A (en) Broadcasting packet encryption method and device
CN106254147B (en) It is a kind of for the configuration method of Wi-Fi network, internet-of-things terminal and control terminal
CN104618900A (en) Network access method for intelligent device, intelligent device and mobile terminal
US7797745B2 (en) MAC security entity for link security entity and transmitting and receiving method therefor
CN109716834B (en) Temporary identifier in a wireless communication system
CN105050083B (en) A kind of network collocating method and system of smart machine
KR101704569B1 (en) Method, Apparatus and System For Controlling Dynamic Vehicle Security Communication Based on Ignition
CN105281904B (en) Encryption method, system, Internet of Things server and the internet-of-things terminal of message data
JP2004129272A (en) Data transfer method in ethernet(r) passive optical subscriber network system
CN106686526B (en) Method and device for acquiring routing information of electric appliance
KR20050006613A (en) Key management device and method for providing security service in epon
WO2011017986A1 (en) Transmission method and assembling method for physical layer operations, administration and maintenance (ploam) message in a passive optical network
WO2021244489A1 (en) Method and apparatus for transmitting encryption control overhead in optical transport network
CN105357007A (en) Encryption communication method and communication terminal
CN113228720B (en) Method and apparatus for ensuring secure attachment in a size-constrained authentication protocol
CN105007163A (en) Pre-shared key (PSK) transmitting and acquiring methods and transmitting and acquiring devices
US8942378B2 (en) Method and device for encrypting multicast service in passive optical network system
EP1830517A1 (en) A method, communication system, central and peripheral communication unit for packet oriented transfer of information
EP3474490A1 (en) Service activating method, device and system, and storage medium
CN101778311A (en) Distribution method of optical network unit marks and optical line terminal
CN115767513A (en) Data networking mode of WiFi Mesh
US12010507B2 (en) Secure beacons
CN110830421A (en) Data transmission method and device
CN111093193B (en) MAC layer secure communication method suitable for Lora network
EP3146742B1 (en) Exception handling in cellular authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170609

RJ01 Rejection of invention patent application after publication