摘要:
A method and device for controlling security of a communication channel between an OLT and an ONU in a secure channel control system of EPON formed of the OLT and the ONU having a cryptographic module, a key management module and a transmitter/receiver for transmitting/receiving frames, the method comprising the steps of: a) distributing a key between the OLT and the ONU; b) transferring the distributed key to the encryption modules of the OLT and ONU; c) activating a corresponding encryption module using the distributed key at one of the OLT and the ONU which starts a security function activation; d) transmitting an encryption module information message including activation state information of the corresponding encryption module from the side (transmitting side) having the activated encryption module to an opponent side (receiving side); and e) activating an encryption module by checking activation state information of the encryption module at the receiving side.
摘要:
A method for controlling a security channel for reducing system load by extending the use period of a security association key is provided. In this method, an upper bit initial value of an initialization vector of an encryption algorithm and a using range thereof are shared between a transmitting side and a receiving side when a security channel is created. Then, a secure association is created between a transmitting side and a receiving side by setting an association number, a next packet number which is a lower bit value of an initialization vector, and a secure association key. Afterward, a packet number is modified whenever a frame is transmitted until all of packet numbers are used. When all packet numbers are used, the upper bit value of the initialization vector changes.
摘要:
An authentication method for link protection between an OLT and an ONU newly connected thereto in an EPON, which is implemented in a data link layer to which cryptography is applied. First, an authentication key is distributed to both the OLT and an ONU. The OLT (or ONU) generates first and second random values, generates an authentication request frame containing the random values, and transmits it to the ONU (or OLT). The ONU generates a first hash value according to a hash function using the random values contained in the request frame, and transmits an authentication response frame containing the first hash value to the OLT. The OLT compares the first hash value with a second hash value calculated by it according to the has function using the two random values and an authentication key distributed to it, and transmits an authentication result frame to the ONU.
摘要:
A high-speed Galois Counter Mode-Advanced Encryption Standard (GCM-AES) block cipher apparatus and method is provided. The apparatus can operate at a low clock frequency of 125 MHz and provide a 2 Gbps link encryption function in an Optical Line Termination (OLT) and an Optical Network Unit (ONU) of an Ethernet Passive Optical Network (EPON). 11-round block cipher of 128- bit input data is implemented using an 8-round Counter-AES (CTR-AES) block cipher module and a 3-round CTR-AES block cipher module, so that it is possible to provide a 1 Gbps link security function for an input frequency of 62.5 MHz and a 2 Gbps link security function for an input frequency of 125 MHz.
摘要:
Disclosed herein is a variable length packet switching system. The variable length packet switching system includes at least two switching means, a plurality of multiplexing units and a plurality of demultiplexing units. The switching means switch ATM cells or variable length packet data in parallel. The multiplexing means are arranged upstream of the switching means for multiplexing data inputted from a line card to the switching means in packet units and dividing a packet into packets of a number corresponding to the number of the switching means. The demultiplexing means are arranged downstream of the switching means for combining packets inputted after being switched in parallel by the at least two switching means and outputting the combined packet converted into a format adequate to the line card.
摘要:
A method and an apparatus of interactive advertising service are provided. The method includes: receiving first advertising contents from a broadcasting advertisement platform; displaying broadcasting according to the first advertising contents on the overall screen together with at least one second advertisement contents interactive indicator indicating that the first advertising contents are linked with second advertising contents; receiving indicated information triggering at least one second advertising contents interactive indicator from an input device; receiving the second advertising contents indicated by the at least one second advertising contents interactive indicator from the broadcasting advertisement platform; and displaying broadcasting according to the second advertisement contents. According to an exemplary embodiment of the present invention, it is possible to introduce opportunity of goods information acquisition and purchasing behaviors distributed to media other than broadcasting into a smart TV while improving concentration for advertisements in bidirectional digital broadcast.
摘要:
An apparatus and method for providing a security function of frames transmitted between optical network terminals (OLTs) and optical network units (ONUs) in an Ethernet passive optical network (EPON) providing media access control (MAC) services are provided. The apparatus includes: a frame classifier distinguishing the type of a frame, and based on the logical link identifier (LLID) of the distinguished frame, determining whether or not the frame is a security link to which a security function is to be applied; a bypass unit delaying a no-security-function frame so that a processing time for converting the security-function-applied frame classified in the frame classifier into an encrypted frame is the same as a time for processing the no-security-function frame; and a parameter generation unit transmitting in relation to each of the LLIDs, a parameter set value including a security-function-application setting signal used in the encryption, decryption and authentication of the frame, a frame decryption signal, an encryption mode selection signal, and an authentication intensity adjustment signal.
摘要:
An apparatus and method for providing a security function of frames transmitted between optical network terminals (OLTs) and optical network units (ONUs) in an Ethernet passive optical network (EPON) providing media access control (MAC) services are provided. The apparatus includes: a frame classifier distinguishing the type of a frame, and based on the logical link identifier (LLID) of the distinguished frame, determining whether or not the frame is a security link to which a security function is to be applied; a bypass unit delaying a no-security-function frame so that a processing time for converting the security-function-applied frame classified in the frame classifier into an encrypted frame is the same as a time for processing the no-security-function frame; and a parameter generation unit transmitting in relation to each of the LLIDs, a parameter set value including a security-function-application setting signal used in the encryption, decryption and authentication of the frame, a frame decryption signal, an encryption mode selection signal, and an authentication intensity adjustment signal.