CN106817352A - Broadcasting packet encryption method and device - Google Patents
Broadcasting packet encryption method and device Download PDFInfo
- Publication number
- CN106817352A CN106817352A CN201510863047.5A CN201510863047A CN106817352A CN 106817352 A CN106817352 A CN 106817352A CN 201510863047 A CN201510863047 A CN 201510863047A CN 106817352 A CN106817352 A CN 106817352A
- Authority
- CN
- China
- Prior art keywords
- message
- key
- olt
- onu
- broadcasting packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/601—Broadcast encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention discloses a kind of broadcasting packet encryption method, OLT and ONU, methods described includes:Optical line terminal OLT determines specified broadcasting packet to be encrypted;The specified broadcasting packet is encrypted, broadcast enciphering message is formed;The broadcast enciphering message is sent to optical network unit ONU.
Description
Technical field
The present invention relates to optical communication field, more particularly to a kind of broadcasting packet encryption method and device.
Background technology
As shown in figure 1, in Ethernet passive optical network (Ethernet Passive Optical Network, letter
Claiming EPON system includes optical line terminal (Optical Line Terminal, abbreviation OLT), optical distribution
Network (Optical Distribution Network, ODN) and optical network unit (Optical Network Unit,
Abbreviation ONU).The OLT and optical signal transmission can be carried out between ONU;And from OLT to ONU
Sendaisle be referred to as down going channel, the data of transmission are downlink data.ODN is used in OLT and ONU
Between optical channel is provided.
As shown in figure 1, an optical line terminal can be connected by optical splitter with multiple optical network units.If
OLT is transferred to if the downlink data of ONU do not encrypt, and ONU may eavesdrop other ONU information,
In order to avoid the appearance of such case, it is necessary to take encryption for downlink data, to prevent ONU between information
Leakage.
Some methods being encrypted to downlink data are proposed in currently available technology, but actually used
When, still find that there are some information still to be stolen by other ONU causes the leakage of information.
The content of the invention
In view of this, the embodiment of the present invention is expected to provide broadcasting packet encryption method and device, being capable of at least portion
Decompose the problem of information leakage of determining.
To reach above-mentioned purpose, the technical proposal of the invention is realized in this way:
Embodiment of the present invention first aspect provides a kind of broadcasting packet encryption method, and methods described includes:
Optical line terminal OLT determines specified broadcasting packet to be encrypted;
The specified broadcasting packet is encrypted, broadcast enciphering message is formed;
The broadcast enciphering message is sent to optical network unit ONU.
Based on such scheme, methods described also includes:
The OLT and ONU consults encryption key, determines encryption key and cipher key index;
It is described that the specified broadcasting packet is encrypted, broadcast enciphering message is formed, including:
The part to be encrypted of the specified broadcasting packet is encrypted using the encryption key, and will be described
Cipher key index carries the clear portion in the specified broadcasting packet, forms the broadcast enciphering message;
Wherein, the cipher key index determines the encryption key for the ONU.
Based on such scheme, the OLT and ONU consults encryption key, determines encryption key and key rope
Draw, including:
Secret key request message is sent to the ONU for receiving the broadcast enciphering message;
After the secret key request message is sent, start the first timing;
In the timing time of first timing, receive the ONU and returned based on the secret key request message
The response message for returning;
The encryption key is extracted from the response message.
Based on such scheme, the OLT and ONU consults encryption key, determines encryption key and key rope
Draw, also include:
If the first timing time-out does not receive the response message also or do not extract encryption key, weigh
Newly send the secret key request message.
Based on such scheme, the optical line terminal OLT determines specified broadcasting packet to be encrypted, including:
The lead code and command code opcode fields of analytic message, obtain parsing information;
Determine whether the message is specified message to be encrypted according to the parsing information.
Based on such scheme, methods described also includes:
Detection broadcast enciphering enables switch;
It is described that the specified broadcasting packet is encrypted, broadcast enciphering message is formed, including:
If the broadcast enciphering enables switch and is in enabled state, the specified broadcasting packet is encrypted,
Form broadcast enciphering message.
Embodiment of the present invention second aspect provides a kind of broadcasting packet encryption method, and methods described includes:
ONU and OLT consults encryption key, determines encryption key and cipher key index;
Store the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and
ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
Based on such scheme, methods described also includes:
Receive the broadcast enciphering message that OLT sends;
The clear portion of the broadcast enciphering message is parsed, cipher key index is determined;
Encryption key is inquired about according to the cipher key index;
Cipher text part based on broadcast enciphering message described in the encryption key decryption.
The embodiment of the present invention third aspect provides a kind of optical line terminal OLT, and the OLT includes:
First determining unit, for determining specified broadcasting packet to be encrypted;
Unit is formed, for being encrypted to the specified broadcasting packet, broadcast enciphering message is formed;
First transmitting element, for sending the broadcast enciphering message to optical network unit ONU.
Based on such scheme, the OLT also includes:
First negotiation element, encryption key is consulted for OLT and ONU, determines encryption key and key rope
Draw;
The formation unit, specifically for utilizing the encryption key to the to be encrypted of the specified broadcasting packet
Part is encrypted, and the cipher key index is carried into the clear portion in the specified broadcasting packet, is formed
The broadcast enciphering message;
Wherein, the cipher key index determines the encryption key for the ONU.
Based on such scheme, first transmitting element is additionally operable to the reception broadcast enciphering message
ONU sends secret key request message;After the secret key request message is sent, start the first timing;
The OLT also includes:
First receiving unit, is based on in the timing time of first timing, receiving the ONU
The response message that the secret key request message is returned;
First negotiation element, specifically for extracting the encryption key from the response message.
Based on such scheme, first transmitting element, if be additionally operable to the first timing time-out not receiving also
To the response message or encryption key is not extracted, then resend the secret key request message.
Based on such scheme, first determining unit, specifically for the lead code and command code of analytic message
Opcode fields, obtain parsing information;And determine whether the message is to be encrypted according to the parsing information
Specified message.
Based on such scheme, the OLT also includes:
Detection unit, for detecting that broadcast enciphering enables switch;
The formation unit, if enabling switch specifically for the broadcast enciphering is in enabled state, to institute
State specified broadcasting packet to be encrypted, form broadcast enciphering message.
Embodiment of the present invention fourth aspect provides a kind of optical network unit ONU, and the ONU includes:
Second negotiation element, for consulting encryption key with OLT, determines encryption key and cipher key index;
Memory cell, for storing the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and
ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
Based on such scheme, the ONU also includes:
Second receiving unit, the broadcast enciphering message for receiving OLT transmissions;
Resolution unit, the clear portion for parsing the broadcast enciphering message, determines cipher key index;
Query unit, for inquiring about encryption key according to the cipher key index;
Decryption unit, for the cipher text part based on broadcast enciphering message described in the encryption key decryption.
Broadcasting packet encryption method provided in an embodiment of the present invention and device, can determine whether out specifying for needs encryption
Broadcasting packet, is then encrypted to form broadcast enciphering message to broadcasting packet, and OLT sends to ONU
Broadcast enciphering message, so avoids after ONU receives broadcasting packet, to cause broadcasting packet to be stolen
And information leakage, increase the difficulty of information leakage, improve Information Security.
Brief description of the drawings
Fig. 1 is a kind of structural representation of EPON system;
Fig. 2 is the schematic flow sheet of the first broadcasting packet encryption method provided in an embodiment of the present invention;
Fig. 3 is the schematic flow sheet of second broadcasting packet encryption method provided in an embodiment of the present invention;
Fig. 4 is the schematic flow sheet of the third broadcasting packet encryption method provided in an embodiment of the present invention;
Fig. 5 is the schematic flow sheet of the 4th kind of broadcasting packet encryption method provided in an embodiment of the present invention;
Fig. 6 is a kind of structural representation of OLT provided in an embodiment of the present invention;
Fig. 7 is a kind of structural representation of ONU provided in an embodiment of the present invention;
Fig. 8 is the part-structure schematic diagram of message provided in an embodiment of the present invention;
Fig. 9 is the schematic flow sheet of AES encryption provided in an embodiment of the present invention;
Figure 10 is that the comparison of the data frame before and after utilization triple stirring encryption provided in an embodiment of the present invention is illustrated
Figure;
Figure 11 is encrypted key exchange flow signal in triple stirring ciphering process provided in an embodiment of the present invention
Figure.
Specific embodiment
Research finds that optical line terminal is sent to the data of optical network unit can all take various cipher modes to enter
Row encrypted transmission.But only common unicast and multi-cast business data are encrypted, not specifically designed for broadcast number
According to encryption, and some broadcast datas are caused to be stolen and revealed by illegal ONU.In view of this, this implementation
Example provides a kind of broadcasting packet encryption method, and specified broadcasting packet to be encrypted is encrypted, and improves letter
Breath security.Technical scheme is done further below in conjunction with Figure of description and specific embodiment
Elaborate.
Embodiment one:
As shown in Fig. 2 the present embodiment provides a kind of broadcasting packet encryption method, the method includes:
Step S110:Optical line terminal OLT determines specified broadcasting packet to be encrypted;
Step S120:The specified broadcasting packet is encrypted, broadcast enciphering message is formed;
Step S130:The broadcast enciphering message is sent to optical network unit ONU.
Before the OLT sends downlink data in the present embodiment, if the downlink data for sending is reported for broadcast
Text, it will determine whether it is the specified broadcasting packet for needing encryption.Here specified broadcasting packet can be specified
The broadcasting packet of type.It is specific to register broadcasting packet and non-registered broadcasting packet as broadcasting packet be divided into;
The specified broadcasting packet can be non-registered broadcasting packet.Such as, the OLT receives indicator,
The indicator encrypts some broadcasting packet, and this specifies the broadcasting packet to be encrypted to be the specified broadcast
Message.Certainly when implementing, the body part of the broadcasting packet can be also parsed, according to body part
The security requirement of content, determines whether corresponding broadcasting packet is the specified broadcasting packet.
Broadcast enciphering message will be formed to specifying broadcasting packet to be encrypted in the step s 120, like this,
Be just that other ONU steal the broadcasting packet, no key cannot also obtain broadcasting packet it is interior perhaps
Steal the difficulty increase of the content of broadcasting packet.The broadcasting packet is encrypted and can wrapped in the step s 120
Include all encryption or Partial encryption.Here Partial encryption can be that the partial content only to broadcasting packet is added
Close, such as the packet header not to broadcasting packet is encrypted, and the text only to broadcasting packet is encrypted.Institute
State and all be encrypted as being encrypted whole broadcasting packet.
The broadcast enciphering message that will be formed after encryption in step s 130 is sent to ONU, and transmission here can
ONU is issued to by ODN.
Broadcasting packet encryption method described in the present embodiment, the information between OLT and ONU that not only increases is passed
Defeated security, reduces information leakage, also with realizing easy the characteristics of.
As shown in figure 3, in the present embodiment, methods described also includes:
Step S101:The OLT and ONU consults encryption key, determines encryption key and cipher key index;
The step S120 may include:Using the encryption key to the compact part to be added of the specified broadcasting packet
Divide and be encrypted, and the cipher key index is carried into the clear portion in the specified broadcasting packet, form institute
State broadcast enciphering message;Wherein, the cipher key index determines the encryption key for the ONU.
The OLT can be assisted with needing the ONU for receiving the broadcasting packet to be encrypted key in the present embodiment
Business, like this, OLT and corresponding ONU will determine encryption key, facilitate follow-up ONU to broadcast
The decryption of encrypted message.In implementation process, an encryption key can be determined by the OLT, issued
To ONU, it is also possible to which ONU determines an encryption key, is sent to OLT.But in this implementation
In order to avoid other ONU steal encryption key in example, it is usually preferred to be to determine encryption key by ONU,
OLT is sent to by up optical channel.A cipher key index, this key are also can determine whether in the present embodiment
After index facilitates ONU to receive the broadcast enciphering message, from the clear portion of broadcast enciphering message
Extract, and then determine the encryption key.Here the cipher key index equally can be described
What ONU the determines, or OLT determined, preferably described cipher key index in the present embodiment
Determined by the side for forming the encryption key.
The clear portion of the cipher key index is carried in the present embodiment, it may include before in message middle wrapping head
Leading code.For example, the cipher key index can be represented using the partial bit in the 5th of lead code the byte;
Specifically such as, the cipher key index is represented using last 2 bits in the 5th byte.
In a word, the present embodiment methods described, OLT can be encrypted the negotiation of key with ONU in advance, from
And encryption key and cipher key index are determined, to facilitate the decryption of subsequent broadcast encrypted message.
Certainly during concrete implementation, the OLT and ONU can pre-set multiple encryption keys,
Subsequently when holding consultation, it is only necessary to consult the corresponding cipher key index of encryption key.It is in the present embodiment
Further improving information safety, the encryption key is dynamic life for OLT and ONU wherein one end
Into, rather than selected from the key that multiple pre-sets.
Further, the step S101 may include:
Secret key request message is sent to the ONU for receiving the broadcast enciphering message;
After the secret key request message is sent, start the first timer;
In the timing time of first timer, receive the ONU and be based on the secret key request message
The response message of return;
The encryption key is extracted from the response message.
The secret key request message may correspond to a key request frame, such as described OLT in the present embodiment
By to receive correspondence broadcasting packet ONU send a key request frame, ONU receive it is described close
A key notification frame for carrying encryption key can be recovered after key claim frame as the response message.This
Sample OLT can just be extracted from the response message and be carried out the encryption key of broadcasting packet encryption.Usual institute
Stating also includes cipher key index in response message, and cipher key index here can be sequence number of the key etc..
In the present embodiment, after the OLT has sent the secret key request message, can start timer is carried out
Timing starts counter and is counted to carry out timing, if described in OLT receives in the first timing time
Response message, represents and this time consults successfully;So the ineffectiveness of key agreement is defined, it is to avoid
Ignore the safety issue of ageing caused encryption key in cipher key agreement process.
Further, the step S101 also includes:If the first timing time-out does not receive the sound also
Answer message or do not extract encryption key, the response message is not received also, then resend the key
Request message.If current OLT has the data to need to send, the OLT can also be first in the present embodiment
When timing is overtime or does not extract encryption key, the secret key request message is resend, it is close to re-start
Key is consulted to ensure the normal transmission of broadcasting packet.
Certainly currently ONU may be broken down during concrete implementation, even if continuing to send described close
Key request message is not also used, and can cause OLT loads excessive on the contrary;Like this, in the present embodiment may be used
To specify predetermined number of times, if the continuous number of times consulted exceedes predetermined number of times, stop sending the key request
Message stops failing in the transmission key negotiation request message, or output key agreement after specifying duration
Etc. prompt message.
In the present embodiment, the step S110 may include:
Step S111:The lead code and command code opcode fields of analytic message, obtain parsing information;
Step S112:Determine whether the message is specified message to be encrypted according to the parsing information.
The step S111 may include:The lead code of broadcasting packet is parsed, the pattern in the lead code is extracted
Position and LLID;According to the mode bit and/or LLID, determine the message whether be
Broadcasting packet.
Message can be divided into broadcasting packet, unicast message and multicast message.Message can be divided into packet header and text two again
Individual part, in messages including lead code, destination address (Destination Address, DA), source address
The information such as (Sources Address, SA) and type field.Include two LLIDs in lead code
(Logic Link Identification, LLID) field.Usual each LLID includes 8 bits;From
And two LLID fields totally 16 bits, the most significant bit of this 16 bit is the mode bit, afterwards 15
Individual bit is the LLID for recording the broadcasting packet.If the mode bit is under normal conditions
1, the message is represented for broadcasting packet, if latter 15 are all 1 and also illustrate that the message is broadcasting packet.
Step S112 is the content in the parsing opcode fields, determines whether the broadcasting packet is not
The logon message that can be encrypted.For example, the content of the opcode fields is 02,04,05,06
When, generally represent this broadcasting packet for logon message, here 02,04,05,06 it is corresponding be 16
System number.If therefore in step S112 the content of opcode fields be not 16 systems 02,04,05 and
When 06, then the broadcasting packet can be as the specified broadcasting packet to be encrypted.
Used as further improvement of this embodiment, broadcasting packet is not encrypted under normal circumstances, only at some
Under special screne, such as when some ONU are carried out with the treatment such as broadcasting packet transmitting-receiving test, may only need
Broadcasting packet is sent to specific ONU.It is more preferable compatible in order to be carried out with prior art in the present embodiment
Individual, methods described also includes in the present embodiment:Detection broadcast enciphering enables switch;The step S120
Including:If the broadcast enciphering enables switch and is in enabled state, the specified broadcasting packet is added
It is close, form broadcast enciphering message.Switch can be enabled for OLT configures an encryption in advance in the present embodiment,
If being currently needed for sending the broadcasting packet of needs encryption, the broadcast enciphering is enabled into switch in enable shape
State, like this, can just trigger the OLT and perform above-mentioned steps S110 to step S130.The broadcast
The default conditions that encryption enables switch are non-enabled state, and under non-enabled state, the OLT will not be to wide
Text is reported to be encrypted.
Have various to the mode for specifying broadcasting packet to be encrypted in the step S130, two kinds presented below can
Select mode.
The first:The specified message is carried out Advanced Encryption Standard (Advanced Encryption Standard,
Abbreviation AES) encryption.AES encryption is a kind of cipher mode based on block encryption standard, in the present embodiment
In the encryption unit graduation of encryption can will be needed to be divided into multiple blocks in specified broadcasting packet, for example, by encryption unit
Continuously distributed 128 data in point are divided into a block, using the encryption key pair that length is 128
Each block is encrypted.
Second:
Agitation encryption is carried out to specified broadcasting packet using stir-key, for example, using stir-key to described
Specified broadcasting packet carries out triple stirring encryption.Agitation is encrypted as upsetting in needs encryption using stir-key
Hold, so that the information after agitation encryption shows out of order property, so ONU without stir-key is
Just the message is stolen, also will be considered that it is a nonsensical mess code message.In the present embodiment in order to carry
Cipher round results are risen, the security of broadcasting packet is lifted, is chosen as using triple stirring in the present embodiment, it is right
Specified broadcasting packet carries out the agitation encryption of at least three times.
In a word, a kind of broadcasting packet encryption method is present embodiments provided, the wide of encryption can be needed to part
Report text to be encrypted, improve the Information Security of broadcasting packet, reduce the leakage of information.
Embodiment two:
As shown in figure 4, the present embodiment provides a kind of broadcasting packet encryption method, methods described includes:
Step S210:ONU and OLT consults encryption key, determines encryption key and cipher key index;
Step S220:Store the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and
ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
Broadcasting packet encryption method described in the present embodiment is the method being applied in ONU, and the OUN can be with
OLT carries out the negotiation of the encryption key of broadcasting packet encryption, determines encryption key and cipher key index.In step
When will store the encryption key and cipher key index, so subsequently received broadcast enciphering message in rapid S220,
The encryption key can be found using the cipher key index, and using wide described in the encryption key decryption
Broadcast encrypted message;The phenomenon that broadcasting packet is stolen by other incoherent ONU can so be reduced.
It is worth noting that:Before step S220 described in the present embodiment is likely to occur in the step S210,
For example, ONU has prestored multiple encryption keys and the corresponding cipher key index of encryption key, step is being performed
During S210, the ONU selected from the encryption key and cipher key index that prestore one group as with OLT
This carries out the encryption key and cipher key index of broadcasting packet interaction.Therefore the step S210 in the present embodiment
Can be as shown in Figure 4 with the execution sequence of step S220, it is also possible to before being step S220, step S210
Rear.
As shown in figure 5, used as further improvement of this embodiment, methods described also includes:
Step S230:Receive the broadcast enciphering message that OLT sends;
Step S240:The clear portion of the broadcast enciphering message is parsed, cipher key index is determined;
Step S250:Encryption key is inquired about according to the cipher key index;
Step S260:Cipher text part based on broadcast enciphering message described in the encryption key decryption.
ONU receives broadcast enciphering message in the present embodiment, parses the clear portion of broadcast enciphering message,
Here clear portion may include lead code.The field of the cipher key index is carried by parsing lead code, is obtained
To the cipher key index, and then corresponding encryption key is found using cipher key index, finally perform step
S260 decodes the cipher text part of the broadcast enciphering message using the encryption key;With the spy for realizing simplicity
Point.It is worth noting that:If the cipher mode of broadcast enciphering message is symmetric cryptography in step S260,
The encryption key i.e. decruption key, can be directly using the encryption key to the broadcast enciphering report
Text is decoded.If the cipher mode of the broadcast enciphering message is asymmetric encryption, the encryption key
To that there should be decruption key, then need to determine the decruption key according to the encryption key, using decruption key
Carry out the secret broadcast enciphering message.
Embodiment three:
As shown in fig. 6, the embodiment of the present invention provides a kind of optical line terminal OLT, the OLT includes:
First determining unit 110, for determining specified broadcasting packet to be encrypted;
Unit 120 is formed, for being encrypted to the specified broadcasting packet, broadcast enciphering message is formed;
First transmitting element 130, for sending the broadcast enciphering message to optical network unit ONU.
The present embodiment provides a kind of OLT, and the OLT includes first determining unit 110, forms unit 120
With the first transmitting element 130.First determining unit 110 and the formation unit 120 may both correspond to
Processor or process circuit in the OLT, the processor may include central processing unit, application processor,
Microprocessor, digital signal processor or programmable array.The processor or process circuit are referred to by execution
Determine code, realize first determining unit 110 and the function of forming unit 120.
First transmitting element 130 corresponds to the light transmission interface of the OLT, for example, corresponding to described
OLT can be used in for the OUN sending encrypted message to the descending transmission interface of ONU sending signals.
The OLT can be encrypted to the broadcasting packet for needing encryption in the present embodiment, it is to avoid need not connect
Other ONU for receiving the broadcasting packet reveal the information content of the broadcasting packet, lift the security of information.
Further, the OLT also includes:First negotiation element, encryption is consulted for OLT and ONU
Key, determines encryption key and cipher key index;The formation unit 120, specifically for utilizing the encryption
Key is encrypted to the part to be encrypted of the specified broadcasting packet, and the cipher key index is carried in institute
The clear portion of specified broadcasting packet is stated, the broadcast enciphering message is formed;Wherein, the cipher key index is used
Determine the encryption key in the ONU.First negotiation element may correspond to communication interface or treatment
Device, can operate by with many information exchanges of OUN and information analysis extraction etc., determine the encryption
Key and cipher key index.In the present embodiment by the setting of the first negotiation element, can be negotiated with easy
Encryption key such that it is able to facilitate broadcast enciphering message described in ONU subsequent decryptions.
Further, first transmitting element 130, is additionally operable to the ONU for receiving the broadcast enciphering message
Send secret key request message;After the secret key request message is sent, start the first timing;
The OLT also includes:
First receiving unit, is based on in the timing time of first timing, receiving the ONU
The response message that the secret key request message is returned;
First negotiation element, specifically for extracting the encryption key from the response message.
First receiving unit may include the downlink reception interface of OLT, can be used in receiving institute from ONU
State response message.In the present embodiment, it is also provided with the first timing, it is to avoid because negotiation time is long caused
Various information security sex chromosome mosaicisms, information security sex chromosome mosaicism here may include that encryption key is compromised.
In the present embodiment, first transmitting element 130, if being additionally operable to the first timing time-out also not
Receive the response message or do not extract encryption key, then resend the secret key request message.
Of course for the smooth transmission for ensureing broadcasting packet in the present embodiment, if occur above-mentioned three kinds of situations at least its
One of when, the secret key request message will be resend.When implementing, first transmitting element
130 number of times for sending the secret key request message to same ONU just stop after reaching predetermined number of times,
Or transmission is spaced after stopping a period of time, or warning message for consulting failure etc. is sent to upper layer device.
Specifically, first determining unit 110, specifically for the lead code and command code of analytic message
Opcode fields, obtain parsing information;And determine whether the message is to be encrypted according to the parsing information
Specified message.Mode bit that the lead code is mentioned in previous embodiment and LLID etc. are believed
Breath, can determine that whether the message for being currently needed for sending is broadcasting packet according to lead code, according to the opcode
The content of field can determine that whether specified broadcasting packet to be encrypted, with simple structure and realize easy
Feature.
Further, the OLT also includes:
Detection unit, for detecting that broadcast enciphering enables switch;
The formation unit 120, if enabling switch specifically for the broadcast enciphering is in enabled state,
The specified broadcasting packet is encrypted, broadcast enciphering message is formed.
The detection unit may correspond to processor or process circuit in the present embodiment, can detect described
Whether the field that the expression broadcast enciphering in OLT is enabled is set to correspond to specifying for the enabled state
It is worth to determine that the broadcast enciphering enables the state of switch.Certainly this is a kind of realization, concrete implementation
Structure is also various, is not limited to above-mentioned realize structure.
By the setting of detection unit, the detection of the state of switch is enabled to broadcast enciphering by detection unit,
Can with it is compatible well in the prior art, by default the broadcast enciphering enable switch it is usually non-
Enabled state, to avoid the transmission of the most of broadcasting packets that need not be encrypted of influence.
Example IV:
As shown in fig. 7, the present embodiment provides a kind of optical network unit ONU, the ONU includes:
Second negotiation element 210, for consulting encryption key with OLT, determines encryption key and cipher key index;
Memory cell 220, for storing the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and
ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
The second negotiation element 210 may correspond to the optical communication interface in the ONU and place described in the present embodiment
Reason device or process circuit etc., information exchange is carried out using optical communication interface and OLT, is determined by information exchange
Go out cipher key index and cipher key index.For example, the encryption key that will be determined using the optical communication interface and close
At least one of key index, is sent to the OLT.The ONU can also including memory cell 220
Various storage mediums in corresponding to the ONU, can be used to store the encryption key and cipher key index.
In a word, ONU described in the present embodiment can assist OLT to determine to add by the negotiation between OLT
Key, facilitates OLT to be encrypted to broadcasting packet to be encrypted using the encryption key, to improve broadcast
The Information Security of message.
Further, the ONU also includes:
Second receiving unit, the broadcast enciphering message for receiving OLT transmissions;
Resolution unit, the clear portion for parsing the broadcast enciphering message, determines cipher key index;
Query unit, for inquiring about encryption key according to the cipher key index;
Decryption unit, for the cipher text part based on broadcast enciphering message described in the encryption key decryption.
The optic communication that second receiving unit described in the present embodiment may correspond to that optic communication can be carried out with OLT connects
Mouthful, can be from OLT receive informations, such as described broadcast enciphering message.The broadcast in the present embodiment adds
Secret report text may include clear portion and cipher text part;The information of need for confidentiality is located in embodiments of the present invention
In the cipher text part.The clear portion may include the information such as the lead code of message.The cipher key index
Positioned at the clear portion.Therefore resolution unit can be decrypted to clear portion in the present embodiment, institute is obtained
Cipher key index is stated, encryption key is being determined according to cipher key index, so that based on wide described in encryption key decryption
The encryption part of encrypted message is broadcast, so that the message content of the original broadcast message after being decrypted, realizes
The encryption interaction of broadcasting packet, is prevented from the leakage of information, improves the security of information.
An example is provided below in conjunction with above-mentioned any embodiment:
This example provides a kind of broadcasting packet encryption system, and the system can be to be applied in OLT and ONU
System, including:Broadcasting service bag discriminating unit, interactive unit, lead code modification unit, AES encryption list
Unit and triple stirring ciphering unit.
Using above-mentioned broadcasting packet encryption system, perform broadcasting packet encryption and comprise the following steps:
The first step:;Using broadcast (Broadcast) business packet discriminating unit, the discriminating of broadcast packet is completed.
In EPON system, it is possible to use the content of LLID and mode bit determines corresponding message
Whether it is broadcasting packet.If usual mode bit value is 1, represent that the message is broadcasting packet;Or,
When each bit of LLID is 1, represent that the message is broadcasting packet.Fig. 8 is the portion of message
Point schematic diagram, message includes lead code, destination address da field, source address sa field, length/
The fields such as type field, OP-code fields;The also field such as data area does not show in fig. 8.Institute
Stating lead code includes reserved field 1, reserved field 2, SFD (Start of Packet
Delimiter, SPD) field, the LLID of two byte lengths and check (CRC) field.Message
Second step:Using interactive unit, it is determined whether be encrypted and the various encryption parameters such as cipher mode.
The step specifically may include:When new broadcast data packet header is received, according to the broadcast being pre-configured with
Encryption enables switch, decides whether to apply for encryption key.In this example, broadcasting packet cipher key index is used
Direct register is configured, if broadcast enciphering switch is in enabled state, directly inquiry is directly deposited
The cipher key index of device configuration, judges whether to need encryption and cipher mode according to cipher key index.In this example
Cipher mode may include AES encryption and triple stirring encryption.
3rd step:Lead code changes unit, according to the treatment of cipher key interaction unit above, decides whether
Modification lead code is (lead code modification unit), and after encryption key is applied for, broadcast enciphering makes switch
State still keeps enabling effectively, then the low 2bit of the 5th byte in lead code is changed into 1 and key rope
Draw, and amended lead code is verified, generate check value.For example, being done to amended lead code
Cyclic check, generates cyclic check value.
4th step:Encryption enable and cipher mode according to second step, are encrypted.The encryption side
Formula may include AES encryption and triple stirring encryption.AES encryption is introduced individually below and triple is stirred
Move implementing for encryption.
When carrying out AES encryption using AES encryption unit, the data that will be encrypted carry out being divided into one
Multiple data blocks, each of which data block includes 128 bits.As shown in figure 9, will split what is formed
Data block as input block, with encryption key together as the input of encryption logic, by AES encryption
Afterwards, the IOB after encryption will be formed.The bit number that usual IOB includes includes with the input block
Bit number is identical.Next, IOB is carried out into XOR with rear 16 byte of corresponding Plaintext block,
Obtain completing the ciphertext of AES encryption.
The AES encryption unit is also used in final determination encryption key;Specifically such as may include:
1) OLT sends KEY_ASSIGN message.Include 16 in the KEY_ASSIGN message
Initial value, first key activationary time, 128 initial keys in encryption input value.Here
KEY_ASSIGN message corresponds to the secret key request message in previous embodiment.
2) while OLT sends KEY_ASSIGN message, a time-out counter is started.
3) receive ONU and send KEY_RESPONSE message.In the KEY_RESPONSE message
Key after being updated containing 128, and the second key activation time.Here KEY_RESPONSE
Message corresponds to the response message in previous embodiment.
4) if the time-out counter of OLT is represented and had timed, out, KEY_RESPONSE is not received also,
Or judge that OLT and ONU consults to lose based on first key activationary time and the second key activation time
Lose and do not extract encryption key, just restart cipher key interaction process.First key activationary time is sent out for OLT
The timestamp of KEY_ASSIGN message is sent, the second key activation time was transmission KEY_RESPONSE
The timestamp of message, according to the two timestamps, it becomes possible to determine propagation delay time, if propagation delay time is big
In preset time delay, such words, it is believed that consult failure.
128 initial keys that OLT sends can form the key after 128 renewals as the ONU
Initial value.128 initial key and 128 update after key can also it doesn't matter completely,
Described in embodiment 128 update after key to be used in previous embodiment encrypting specified broadcasting packet
Encryption key.
6th step:Triple stirring ciphering unit is encrypted for triple stirring.In triple stirring ciphering process,
OLT proposes key updating requirement, and ONU provides 3 byte stir-keys, and OLT uses this stir-key
Complete agitation encryption.After agitation encryption is enabled, to all of data frame of non-registered broadcasting packet and OAM
Frame is stirred.This non-registered broadcasting packet is to correspond to foregoing specified broadcasting packet.
Stir-key is ONU by 3 byte datas of extraction in uplink user data and 3 byte random numbers
Or the result being added.
The 5th byte in lead code realizes key synchronization as the identification field that stir-key is indexed.
The form before broadcast data frame agitation encryption and the form after agitation encryption are shown in Fig. 10.In figure
The data frame before agitation encryption shown in 10 includes lead code and other data existed with plaintext version.
2 LLID fields of byte length in lead code, be stored with mode bit and logic chain in the field
Line, and two long be 2 reserved fields of byte 1 and reserved field 2.After encryption is stirred
Data frame in, with the addition of encrypted indexes in latter byte of the reserved field 2 of code of registering.And stirring
In the data of dynamic encryption, agitation encryption is carried out to data agitation stirring section using stir-key.
The data stirring section shown in Figure 10 may include destination address da field, source address sa field,
Length/type field and data area and FCS fields.The FCS is Frame Check Sequence
Abbreviation, be check field;Can utilize and preserve the verification datas such as the cyclic check code of the data frame.FCS
The verification data of middle storage can be used to verify the data of data area memory storage.In lead code circulation
The check code of check code crc field storage, can be used for the verification to lead code store data inside.
Key updating is by new key claim frame (new_key_request) and key notification frame
(new_churning_key) realize.OLT sends the new key asked including new key to ONU
Claim frame, sequence number of the claim frame comprising the current key for being used for descending encryption.Here new key
Claim frame is equivalent to secret key request message in previous embodiment.
ONU is received and is produced after new key claim frame the sequence number of new stir-key, the stir-key can be
Binary system sequence number, In-use_Key_Index bytes are most in being thought received new key claim frame
Binary complement code of low level.
ONU sends new key notification frame to OLT, and new key index field is included in new key notification frame
With new stir-key field.Usual new key index field includes cipher key index, and data length is 1 word
Section, new stir-key field includes stir-key, and data length is 3 bytes.New key sequence index word
The value of the lowest order of section (New_Key_Index) is indexed for new key, and remaining bits value can be set to
Designated value, designated value here can be 0 or 1.Here new key notification frame can be equivalent to foregoing implementation
The response message returned based on secret key request message in example.
After OLT receives new key notification frame, it is possible to subsequent frame is stirred using new stir-key
Encryption.Key synchronization realizes by the 2nd byte in the reserved field 2 in each frame, as long as
ONU is received in the agitation frame of OLT transmissions, and cipher key index Key_Index can be in new key notification frame
Cipher key number, then ONU carry out solution agitation using new key.2nd word of the reserved field 2
Be can be set in section has Flag and encrypted indexes;The Flag may include 1 bit, represent current message
Whether encryption is had, such as when the content of the bit is 0 expression unencryption, when the bit is 1 expression encryption.
The index informations such as the key label of encryption key that the corresponding bit of the encrypted indexes is represented.
OLT has a timer key_update_timer, for the control key update cycle.When this is fixed
When device time-out, OLT then starts above-mentioned key updating process.OLT uses another timer
Churning_Timer is used for conduct and starts next secondary key in the case where that cannot obtain key updating frame condition more
The mechanism of new request, to increase the reliability of key updating.Here timer Churning_Timer
Equivalent to the timer for carrying out timing in previous embodiment to the first timing.
When OLT sends new key claim frame every time, start timer Churning_Timer.Work as OLT
The correct new key notification frame that ONU sends is have received before Churning_Timer time-out, then OLT
Enable new key carries out agitation encryption as stir-key, and Churning_Timer is resetted.
OLT then recognizes still without new key notification frame is received after timer Churning_Timer time-out
For cipher key interaction fails, Churning_Timer is resetted;And the new key of an OLT transmission new rounds please
Seek frame.
Before new key is successfully interacted, ONU still uses original key, and will be close by OLT
The information reporting of key interaction failure is to webmaster.If after the continuous 3 transmissions new key claim frames of OLT still
So key updating frame cannot be received before Churning_Timer time-out, then OLT should be to network management alarm.
Downlink business is still stirred using old key.Key updating cycle TkeyAnd timer
The value of Churning_Timer can configure.TkeyDefault value be 10s.Key updating and synchronizing process.
Figure 11 provides the schematic flow sheet that stir-key interaction is carried out between OLT and ONU, including:
OLT is in a key updating cycle TkeyNew key is sent in time to ONU to ask.
After ONU receives new key request, stir-key 0 is returned to OLT.
OLT receives stir-key 0.
OLT carries out agitation encryption using stir-key 0.
ONU is follow-up after broadcast enciphering message is received, can be using the solution agitation encryption of stir-key 0.
OLT is in next TkeyIn time, new key request is sent.
After OLT ONU receive new key request, stir-key 1 is returned to OLT.
OLT carries out agitation encryption using stir-key 1.
ONU is follow-up after broadcast enciphering message is received, can be using the solution agitation encryption of stir-key 1.
In several embodiments provided herein, it should be understood that disclosed apparatus and method,
Can realize by another way.Apparatus embodiments described above are only schematical, for example,
The division of the unit, only a kind of division of logic function, can there is other division when actually realizing
Mode, such as:Multiple units or component can be combined, or be desirably integrated into another system, or some are special
Levying to ignore, or does not perform.In addition, the coupling each other of shown or discussed each part,
Or direct-coupling or communication connection can be the INDIRECT COUPLINGs or logical of equipment or unit by some interfaces
Letter connection, can be electrical, machinery or other forms.
It is above-mentioned as separating component illustrate unit can be or may not be it is physically separate, make
For the part that unit shows can be or may not be physical location, you can with positioned at a place,
Can also be distributed on multiple NEs;Can according to the actual needs select therein part or all of
Unit realizes the purpose of this embodiment scheme.
In addition, each functional unit in various embodiments of the present invention can be fully integrated into a processing module
In, or each unit individually as a unit, it is also possible to two or more unit collection
Into in a unit;Above-mentioned integrated unit can both be realized in the form of hardware, it would however also be possible to employ
Hardware adds the form of SFU software functional unit to realize.
One of ordinary skill in the art will appreciate that:Realize all or part of step of above method embodiment
Can be completed by the related hardware of programmed instruction, foregoing program can be stored in a computer-readable
Take in storage medium, the program upon execution, performs the step of including above method embodiment;And it is foregoing
Storage medium include:Movable storage device, read-only storage (ROM, Read-Only Memory),
Random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various
Can be with the medium of store program codes.
The above, specific embodiment only of the invention, but protection scope of the present invention do not limit to
In this, any one skilled in the art the invention discloses technical scope in, can be easily
Expect change or replacement, should all be included within the scope of the present invention.Therefore, protection of the invention
Scope should be based on the protection scope of the described claims.
Claims (16)
1. a kind of broadcasting packet encryption method, it is characterised in that methods described includes:
Optical line terminal OLT determines specified broadcasting packet to be encrypted;
The specified broadcasting packet is encrypted, broadcast enciphering message is formed;
The broadcast enciphering message is sent to optical network unit ONU.
2. method according to claim 1, it is characterised in that
Methods described also includes:
The OLT and ONU consults encryption key, determines encryption key and cipher key index;
It is described that the specified broadcasting packet is encrypted, broadcast enciphering message is formed, including:
The part to be encrypted of the specified broadcasting packet is encrypted using the encryption key, and will be described
Cipher key index carries the clear portion in the specified broadcasting packet, forms the broadcast enciphering message;
Wherein, the cipher key index determines the encryption key for the ONU.
3. method according to claim 2, it is characterised in that
The OLT and ONU consults encryption key, determines encryption key and cipher key index, including:
Secret key request message is sent to the ONU for receiving the broadcast enciphering message;
After the secret key request message is sent, start the first timing;
In the timing time of first timing, receive the ONU and returned based on the secret key request message
The response message for returning;
The encryption key is extracted from the response message.
4. method according to claim 3, it is characterised in that
The OLT and ONU consults encryption key, determines encryption key and cipher key index, also includes:
If the first timing time-out does not receive the response message also or do not extract encryption key, weigh
Newly send the secret key request message.
5. method according to claim 1, it is characterised in that
The optical line terminal OLT determines specified broadcasting packet to be encrypted, including:
The lead code and command code opcode fields of analytic message, obtain parsing information;
Determine whether the message is specified message to be encrypted according to the parsing information.
6. the method according to any one of claim 1 to 5, it is characterised in that
Methods described also includes:
Detection broadcast enciphering enables switch;
It is described that the specified broadcasting packet is encrypted, broadcast enciphering message is formed, including:
If the broadcast enciphering enables switch and is in enabled state, the specified broadcasting packet is encrypted,
Form broadcast enciphering message.
7. a kind of broadcasting packet encryption method, it is characterised in that methods described includes:
ONU and OLT consults encryption key, determines encryption key and cipher key index;
Store the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and
ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
8. method according to claim 7, it is characterised in that
Methods described also includes:
Receive the broadcast enciphering message that OLT sends;
The clear portion of the broadcast enciphering message is parsed, cipher key index is determined;
Encryption key is inquired about according to the cipher key index;
Cipher text part based on broadcast enciphering message described in the encryption key decryption.
9. a kind of optical line terminal OLT, it is characterised in that the OLT includes:
First determining unit, for determining specified broadcasting packet to be encrypted;
Unit is formed, for being encrypted to the specified broadcasting packet, broadcast enciphering message is formed;
First transmitting element, for sending the broadcast enciphering message to optical network unit ONU.
10. OLT according to claim 9, it is characterised in that
The OLT also includes:
First negotiation element, encryption key is consulted for OLT and ONU, determines encryption key and key rope
Draw;
The formation unit, specifically for utilizing the encryption key to the to be encrypted of the specified broadcasting packet
Part is encrypted, and the cipher key index is carried into the clear portion in the specified broadcasting packet, is formed
The broadcast enciphering message;
Wherein, the cipher key index determines the encryption key for the ONU.
11. OLT according to claim 10, it is characterised in that
First transmitting element, being additionally operable to please to the ONU transmission keys for receiving the broadcast enciphering message
Seek message;After the secret key request message is sent, start the first timing;
The OLT also includes:
First receiving unit, is based on in the timing time of first timing, receiving the ONU
The response message that the secret key request message is returned;
First negotiation element, specifically for extracting the encryption key from the response message.
12. OLT according to claim 11, it is characterised in that
First transmitting element, if being additionally operable to the first timing time-out does not receive the response message also
Or do not extract encryption key, then resend the secret key request message.
13. OLT according to claim 9, it is characterised in that
First determining unit, lead code and command code opcode fields specifically for analytic message, obtains
Information must be parsed;And determine whether the message is specified message to be encrypted according to the parsing information.
14. OLT according to any one of claim 9 to 13, it is characterised in that
The OLT also includes:
Detection unit, for detecting that broadcast enciphering enables switch;
The formation unit, if enabling switch specifically for the broadcast enciphering is in enabled state, to institute
State specified broadcasting packet to be encrypted, form broadcast enciphering message.
15. a kind of optical network unit ONUs, it is characterised in that the ONU includes:
Second negotiation element, for consulting encryption key with OLT, determines encryption key and cipher key index;
Memory cell, for storing the encryption key and cipher key index;
Wherein, the encryption key and the cipher key index broadcasting packet is encrypted for the OLT and
ONU decrypts the OLT and encrypts the broadcast enciphering message to be formed.
16. ONU according to claim 15, it is characterised in that
The ONU also includes:
Second receiving unit, the broadcast enciphering message for receiving OLT transmissions;
Resolution unit, the clear portion for parsing the broadcast enciphering message, determines cipher key index;
Query unit, for inquiring about encryption key according to the cipher key index;
Decryption unit, for the cipher text part based on broadcast enciphering message described in the encryption key decryption.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510863047.5A CN106817352A (en) | 2015-11-30 | 2015-11-30 | Broadcasting packet encryption method and device |
PCT/CN2016/098281 WO2017092465A1 (en) | 2015-11-30 | 2016-09-07 | Broadcast packet encryption method, olt, onu, and computer storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510863047.5A CN106817352A (en) | 2015-11-30 | 2015-11-30 | Broadcasting packet encryption method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106817352A true CN106817352A (en) | 2017-06-09 |
Family
ID=58796211
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510863047.5A Pending CN106817352A (en) | 2015-11-30 | 2015-11-30 | Broadcasting packet encryption method and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106817352A (en) |
WO (1) | WO2017092465A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108777678A (en) * | 2018-05-18 | 2018-11-09 | 北京邮电大学 | A kind of netkey interactive system, device and method |
CN109583238A (en) * | 2018-11-29 | 2019-04-05 | 中国电子科技集团公司第四十七研究所 | Instruction pipeline stream encipher-decipher method |
WO2021056464A1 (en) * | 2019-09-27 | 2021-04-01 | 华为技术有限公司 | Data safety processing method and communication apparatus |
CN112751709A (en) * | 2020-12-29 | 2021-05-04 | 北京浪潮数据技术有限公司 | Management method, device and system of storage cluster |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111935181B (en) * | 2020-09-25 | 2021-01-26 | 北京天御云安科技有限公司 | Method for realizing uninterrupted service of key switching under full-secret condition |
CN114268412B (en) * | 2021-11-18 | 2023-10-13 | 岚图汽车科技有限公司 | Vehicle communication method, device, storage medium and equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1897500A (en) * | 2006-05-11 | 2007-01-17 | 中国电信股份有限公司 | Stir-key updating synchronization for Ethernet non-light source network system |
CN101072094A (en) * | 2006-05-14 | 2007-11-14 | 华为技术有限公司 | Key agreement method and system for PON system |
CN101183934A (en) * | 2007-10-23 | 2008-05-21 | 中兴通讯股份有限公司 | Cipher key updating method in passive optical network |
CN101388806A (en) * | 2007-09-12 | 2009-03-18 | 中兴通讯股份有限公司 | Cipher consistency detection method and apparatus |
-
2015
- 2015-11-30 CN CN201510863047.5A patent/CN106817352A/en active Pending
-
2016
- 2016-09-07 WO PCT/CN2016/098281 patent/WO2017092465A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1897500A (en) * | 2006-05-11 | 2007-01-17 | 中国电信股份有限公司 | Stir-key updating synchronization for Ethernet non-light source network system |
CN101072094A (en) * | 2006-05-14 | 2007-11-14 | 华为技术有限公司 | Key agreement method and system for PON system |
CN101388806A (en) * | 2007-09-12 | 2009-03-18 | 中兴通讯股份有限公司 | Cipher consistency detection method and apparatus |
CN101183934A (en) * | 2007-10-23 | 2008-05-21 | 中兴通讯股份有限公司 | Cipher key updating method in passive optical network |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108777678A (en) * | 2018-05-18 | 2018-11-09 | 北京邮电大学 | A kind of netkey interactive system, device and method |
CN108777678B (en) * | 2018-05-18 | 2020-12-11 | 北京邮电大学 | Network key interaction system, device and method |
CN109583238A (en) * | 2018-11-29 | 2019-04-05 | 中国电子科技集团公司第四十七研究所 | Instruction pipeline stream encipher-decipher method |
WO2021056464A1 (en) * | 2019-09-27 | 2021-04-01 | 华为技术有限公司 | Data safety processing method and communication apparatus |
CN112751709A (en) * | 2020-12-29 | 2021-05-04 | 北京浪潮数据技术有限公司 | Management method, device and system of storage cluster |
CN112751709B (en) * | 2020-12-29 | 2023-01-10 | 北京浪潮数据技术有限公司 | Management method, device and system of storage cluster |
Also Published As
Publication number | Publication date |
---|---|
WO2017092465A1 (en) | 2017-06-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106817352A (en) | Broadcasting packet encryption method and device | |
CN106254147B (en) | It is a kind of for the configuration method of Wi-Fi network, internet-of-things terminal and control terminal | |
CN104618900A (en) | Network access method for intelligent device, intelligent device and mobile terminal | |
US7797745B2 (en) | MAC security entity for link security entity and transmitting and receiving method therefor | |
CN109716834B (en) | Temporary identifier in a wireless communication system | |
CN105050083B (en) | A kind of network collocating method and system of smart machine | |
KR101704569B1 (en) | Method, Apparatus and System For Controlling Dynamic Vehicle Security Communication Based on Ignition | |
CN105281904B (en) | Encryption method, system, Internet of Things server and the internet-of-things terminal of message data | |
JP2004129272A (en) | Data transfer method in ethernet(r) passive optical subscriber network system | |
CN106686526B (en) | Method and device for acquiring routing information of electric appliance | |
KR20050006613A (en) | Key management device and method for providing security service in epon | |
WO2011017986A1 (en) | Transmission method and assembling method for physical layer operations, administration and maintenance (ploam) message in a passive optical network | |
WO2021244489A1 (en) | Method and apparatus for transmitting encryption control overhead in optical transport network | |
CN105357007A (en) | Encryption communication method and communication terminal | |
CN113228720B (en) | Method and apparatus for ensuring secure attachment in a size-constrained authentication protocol | |
CN105007163A (en) | Pre-shared key (PSK) transmitting and acquiring methods and transmitting and acquiring devices | |
US8942378B2 (en) | Method and device for encrypting multicast service in passive optical network system | |
EP1830517A1 (en) | A method, communication system, central and peripheral communication unit for packet oriented transfer of information | |
EP3474490A1 (en) | Service activating method, device and system, and storage medium | |
CN101778311A (en) | Distribution method of optical network unit marks and optical line terminal | |
CN115767513A (en) | Data networking mode of WiFi Mesh | |
US12010507B2 (en) | Secure beacons | |
CN110830421A (en) | Data transmission method and device | |
CN111093193B (en) | MAC layer secure communication method suitable for Lora network | |
EP3146742B1 (en) | Exception handling in cellular authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170609 |
|
RJ01 | Rejection of invention patent application after publication |