摘要:
An authentication method for link protection between an OLT and an ONU newly connected thereto in an EPON, which is implemented in a data link layer to which cryptography is applied. First, an authentication key is distributed to both the OLT and an ONU. The OLT (or ONU) generates first and second random values, generates an authentication request frame containing the random values, and transmits it to the ONU (or OLT). The ONU generates a first hash value according to a hash function using the random values contained in the request frame, and transmits an authentication response frame containing the first hash value to the OLT. The OLT compares the first hash value with a second hash value calculated by it according to the has function using the two random values and an authentication key distributed to it, and transmits an authentication result frame to the ONU.
摘要:
A method for controlling a security channel for reducing system load by extending the use period of a security association key is provided. In this method, an upper bit initial value of an initialization vector of an encryption algorithm and a using range thereof are shared between a transmitting side and a receiving side when a security channel is created. Then, a secure association is created between a transmitting side and a receiving side by setting an association number, a next packet number which is a lower bit value of an initialization vector, and a secure association key. Afterward, a packet number is modified whenever a frame is transmitted until all of packet numbers are used. When all packet numbers are used, the upper bit value of the initialization vector changes.
摘要:
A high-speed Galois Counter Mode-Advanced Encryption Standard (GCM-AES) block cipher apparatus and method is provided. The apparatus can operate at a low clock frequency of 125 MHz and provide a 2 Gbps link encryption function in an Optical Line Termination (OLT) and an Optical Network Unit (ONU) of an Ethernet Passive Optical Network (EPON). 11-round block cipher of 128-bit input data is implemented using an 8-round Counter-AES (CTR-AES) block cipher module and a 3-round CTR-AES block cipher module, so that it is possible to provide a 1 Gbps link security function for an input frequency of 62.5 MHz and a 2 Gbps link security function for an input frequency of 125 MHz.
摘要:
The present invention provides a method for detecting a security module for link protection in an EPON, wherein an OLT and an ONU in the EPON can check whether or not an encryption module is present in each other and check the configuration of each other in order to avoid loss of a message when the message is encrypted for link protection between the OLT and the ONU in the EPON.
摘要:
The invention provides a method and apparatus for allocating a dynamic band width of an EPON and an EPON master apparatus using the same. The bandwidth allocation is cycle based where every predetermined cycle, static gates are generated for all ONUs and dynamic gates are generated according to the reports using the remaining grant resource. The method for allocating an upstream bandwidth to transmit data from the ONUs to an OLT is as follows. A total allocatable grant length is calculated for the given cycle. A requested amount of grant length needed to transmit upstream data in each ONU is set based on report values collected from the report frames from all ONUs in the EPON. Then, distribution is made sequentially and repeatedly in a cycle by taking a basic unit from the total grant length and adding it to the grant length of the ONUs until the total allocatable grant length becomes 0 or the grant length allocated to all ONUs satisfy the requested amount of the grant length set in all ONUs.
摘要:
An apparatus and method for managing traffic using a VID in EPON are provided. The apparatus includes a MAC lookup table, a service classification policy table, a service control policy table, a MAC lookup unit, a first and second classification module, a VID learning unit and a first and second service control module. The apparatus classifies all packets of up/downlink transmission flow using a VID into a VID unit, through the first and second classification modules and manages traffic thereof according to the parameters thereof through the first and second service control modules. Accordingly, a large amount of traffic for numerous subscribers and services thereof, which was cannot be processed by the limitation on embodying a typical switch or router, can be processed according to the present invention.
摘要:
Disclosed herein is an optical transmitter having an analog/digital mixed-mode temperature compensation function. The optical transmitter, when detecting the optical output power of a laser diode, which outputs logic levels “1” and “0” as optical signals, through a monitoring photodiode, and controlling the bias current of a laser drive circuit to maintain the logic levels “1” and “0” at constant values, includes programs for controlling the bias current and modulation current of the laser drive circuit based on an variation in temperature, and is configured such that a temperature compensation circuit includes a digital control unit for controlling the bias current and modulation current of the laser drive circuit using the programs, so that temperature compensation operation can be adjusted only by the modification of the programs of the distal control unit.
摘要:
Provided is a customized billing method for content service. A content service billing method in a billing management server for charging a fee for use of content service provided to a user via a communication network includes collecting billing information for calculating a content service use fee for a user from a network switch and a policy control server, and calculating the content service use fee using the collected billing information. Accordingly, customized billing considering communication network performance, service quality, and content properties is feasible.
摘要:
A method for controlling a security channel for reducing system load by extending the use period of a security association key is provided. In this method, an upper bit initial value of an initialization vector of an encryption algorithm and a using range thereof are shared between a transmitting side and a receiving side when a security channel is created. Then, a secure association is created between a transmitting side and a receiving side by setting an association number, a next packet number which is a lower bit value of an initialization vector, and a secure association key. Afterward, a packet number is modified whenever a frame is transmitted until all of packet numbers are used. When all packet numbers are used, the upper bit value of the initialization vector changes.
摘要:
The invention relates to an EPON bridge apparatus and a forwarding method thereof. In case of receiving frame from the network port or the PON port, the apparatus associates the port having the received frame inputted with source MAC address of the received frame to learn the information in an FDB table which manages port information for the learned MAC address. Then the apparatus refers to the FDB table to remove LLID from upstream frame, and then forwards the upstream frame to the network port, while attaching LLID corresponding to destination MAC address to downstream frame to transmit to the PON port. Bridging between ONUs are possible with flooding capability using anti-LLID. It provides VLAN-LLID translation mode with support for VLAN tag addition/removal at the ONU side. It also provides multicast pruning function for the downstream.