CPE atmospheric pressure requirements, translation: Chinese-English side by side
Customer premises equipment shall work normally at an atmospheric pressure of 86-106 kPa.
15. Software system
The software system must be stable; Linux 2.6 is the recommended operating system for the open part of the software, and the functional software shall have a clearly layered structure;
All software modules of the home gateway shall be built on the corresponding open standards (IEEE, IETF RFCs, ITU) or industry specifications (DSL/ATM Forum, UPnP Forum). It is recommended that the home gateway development environment be opened to China Unicom, so that China Unicom middleware software can be developed and compiled on it in future.
16. Security requirements
16.1. User-side interface security
16.1.1. Network access security
The home gateway shall provide access control, packet filtering, attack protection and port-scan protection, and shall keep a local network log. The specific requirements are as follows:
Must support DMZ;
Must support MAC-address-based access control (for both LAN and WLAN); must support access control based on IP address and IP address range; must support URL-based control;
Access control is provided as a blacklist or a whitelist; the blacklist and whitelist cannot be enabled at the same time, and up to 100 entries must be supported; must support IP-layer packet filtering; application-layer packet filtering is recommended; SPI (Stateful Packet Inspection) is recommended;
Must have a degree of DoS protection, able to defend against LAND, SYN flooding, ICMP redirection, Smurf, WinNuke and similar attacks;
China Unicom Home Gateway Technical Specification, Femto Home Gateway Volume
Must provide port-scan protection;
Must provide protection against malformed-packet attacks; must support logging, with the capacity to store 500 log entries locally.
16.1.2. User-side WLAN access security
The home gateway supports the following wireless security protocols and functions; the specific requirements are as follows:
1. Must support configuring different SSIDs to distinguish networks, and must support enabling/disabling SSID broadcast, which is enabled by default. At factory delivery, SSID-1 shall be randomly generated by the manufacturer and marked on the home gateway's casing; after a factory reset, SSID-1 shall revert to the SSID marked on the casing. The SSID can be set to hidden.
2. Must support both Open System and Shared Key link-layer authentication; by default the home gateway needs no configuration and automatically adapts to the STA's authentication method.
3. Must support 64-bit and 128-bit WEP encryption; the key may be entered as HEX or ASCII characters.
4. Must support WPA-PSK and WPA2-PSK, and must support AES and TKIP encryption; WPA-PSK is enabled by default. At factory delivery, the key for SSID-1 shall be randomly generated by the manufacturer and marked on the home gateway's casing; after a factory reset it shall revert to the key marked on the casing.
5. If a user connects using the WPS push-button method, the encryption algorithm and key are negotiated according to the WPS specification; otherwise wireless access is provided to the user in the conventional way.
6. The WPS function needs no enabling or configuration on the WEB page; it is enabled by default.
16.2. Login security
16.2.1. User-side login security
(1) Basic user-side login security requirements
The user side of the home gateway provides two accounts with different privileges: an administrator account and a user account. A user must log in with a username and password before configuring or managing the home gateway device. Each account allows only one user to be logged in at a time; two simultaneous logins are prohibited; if the user performs no operation for 5 minutes after logging in, the home gateway automatically disconnects the session;
After 3 consecutive wrong username/password entries the connection is automatically disconnected, and the username and password may be entered again for verification only after 1 minute;
Only one account of each privilege level is in effect, and an account's privileges cannot change as a result of a password change.
(2) Administrator account
The administrator account can configure all parameters of the home gateway. In the following scenario the administrator account password must be changed through the ACS: when the home gateway connects to the ACS for the first time, the ACS issues a random password.
(3) Home gateway user account
The user account is used to view the basic running state of the system and can configure some parameters. Functions and applications available when logged in to the local WEB interface with the user account: some parameters can be set; the user account's username and password can be changed. Ways of changing the user account's username and password: log in to the local WEB interface with the administrator account and change them forcibly; or log in to the local WEB interface with the user account, and change them after the original username and password have been verified.
16.2.2. Femto authentication
The Femto base station shall support EAP-AKA/SIM device authentication; the authentication data is stored in the Femto HLR [7].
The Femto base station's authentication key is controlled by the operator.
16.2.3. Femto mobile terminal user admission authentication
Open mode: no admission authentication is needed; any UE can use the Femto's resources;
Closed mode: only authorised users can use the Femto's resources; the Femto system determines by admission check whether the user is entitled to use this Femto's resources; if admission control passes, access is allowed, otherwise it is refused. When a user initiates an emergency call, even an unauthorised user may use the Femto's resources.
14.12. Atmospheric pressure requirements
Customer Premises Equipment (CPE) shall work normally at an atmospheric pressure of 86-106 kPa.
15. Software system
The software system shall be stable; Linux 2.6 is the recommended operating system for the open part of the software, and the functional software shall have a clearly layered structure;
The software modules of the home gateway shall be built on the corresponding open standards (IEEE, IETF RFCs, ITU) or industry specifications (DSL/ATM Forum, UPnP Forum). It is recommended that the home gateway development environment be open to China Unicom, so that China Unicom middleware software can be developed and compiled on it in future.
16. Security requirements
16.1. User-side interface security
16.1.1. Network access security
The home gateway shall provide access control, packet filtering, attack protection and port-scan protection, and shall keep a local network log. The detailed requirements are as follows:
Support DMZ;
Support MAC-address-based access control (for both LAN and WLAN); support access control based on IP address and IP address range; support URL-based control;
Access control is provided as a blacklist or a whitelist; the two cannot be enabled at the same time, and up to 100 entries shall be supported; IP-layer packet filtering is required; application-layer packet filtering is recommended; SPI (Stateful Packet Inspection) is recommended;
Possess a degree of DoS protection, able to defend against LAND, SYN flooding, ICMP redirection, Smurf, WinNuke and similar attacks;
Provide port-scan protection;
Provide protection against malformed-packet attacks; support logging, with the capacity to store 500 log entries locally.
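The access-control requirements of 16.1.1 (a blacklist or a whitelist but never both, a 100-entry limit, and rules on MAC address, IP address, IP address range or URL) can be modelled as below. This is an added example, not code from the specification or from any vendor firmware; the rule kinds, the single `mode` field used to make the two lists mutually exclusive, and the hostname-suffix interpretation of "URL-based control" are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

MAX_RULES = 100   # the specification's list capacity, enforced here as a hard limit


@dataclass
class Rule:
    kind: str    # "mac", "ip", "iprange" or "url"
    value: str   # e.g. "00:11:22:33:44:55", "192.168.1.10-192.168.1.20", "example.com"

    def matches(self, mac: str, ip: str, url: str) -> bool:
        if self.kind == "mac":
            return mac.lower() == self.value.lower()
        if self.kind == "ip":
            return ipaddress.ip_address(ip) == ipaddress.ip_address(self.value)
        if self.kind == "iprange":   # inclusive "low-high" range
            lo, hi = (ipaddress.ip_address(p.strip()) for p in self.value.split("-"))
            return lo <= ipaddress.ip_address(ip) <= hi
        if self.kind == "url":       # matches the host or any of its subdomains
            host = (urlsplit(url).hostname or "").lower()
            return host == self.value.lower() or host.endswith("." + self.value.lower())
        raise ValueError(f"unknown rule kind: {self.kind}")


@dataclass
class AccessControl:
    mode: str = "off"                          # "off", "blacklist" or "whitelist"
    rules: list = field(default_factory=list)

    def set_mode(self, mode: str) -> None:
        # One mode field: the blacklist and whitelist can never be active together.
        if mode not in ("off", "blacklist", "whitelist"):
            raise ValueError(f"unknown mode: {mode}")
        self.mode = mode

    def add_rule(self, rule: Rule) -> None:
        if len(self.rules) >= MAX_RULES:
            raise OverflowError(f"access control list is full ({MAX_RULES} entries)")
        self.rules.append(rule)

    def permits(self, mac: str, ip: str, url: str = "") -> bool:
        # Whitelist: pass only on a match; blacklist: pass only without a match.
        if self.mode == "off":
            return True
        hit = any(r.matches(mac, ip, url) for r in self.rules)
        return hit if self.mode == "whitelist" else not hit
```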
16.1.2. User-side WLAN access security
The home gateway supports the following wireless security protocols and functions; the detailed requirements are as follows:
1. Support configuring different SSIDs to distinguish networks; support enabling/disabling SSID broadcast; this function is enabled by default. At factory delivery the manufacturer shall generate SSID-1 at random and mark it on the home gateway's casing; after a factory reset, SSID-1 shall revert to the SSID marked on the casing. The SSID can be set to hidden.
2. Support both Open System and Shared Key link-layer authentication; by default the home gateway needs no configuration and automatically adapts to the STA's authentication method.
3. Support 64-bit and 128-bit WEP encryption; the key may be entered as HEX or ASCII characters.
4. Support WPA-PSK and WPA2-PSK; support AES and TKIP encryption; enable WPA-PSK by default. At factory delivery the manufacturer shall generate the key for SSID-1 at random and mark it on the home gateway's casing; after a factory reset the key shall revert to the one marked on the casing.
5. If the user connects using the WPS push button, the encryption algorithm and key are negotiated according to the WPS specification; otherwise wireless access is provided to the user in the conventional way.
6. The WPS function does not need to be enabled or configured on the WEB page; it is enabled by default.
16.2. Login security
16.2.1. User-side login security
(1) Basic user-side login security requirements
The user side of the home gateway provides two accounts with different privileges: an administrator account and a user account. Users must log in with a user ID and password before configuring or managing the home gateway. Each account permits only one user to be logged in at a time; two simultaneous logins are prohibited;
The home gateway shall automatically disconnect if no operation occurs for 5 minutes after a user logs in;
After 3 consecutive wrong user ID/password entries the home gateway shall automatically disconnect, and the user ID and password may be entered again for verification only after 1 minute;
Only one account per privilege level is in effect; an account's privileges shall not change when its password is changed.
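The login rules of 16.2.1 (one session per account, a 5-minute idle timeout, and a 1-minute lockout after 3 consecutive wrong user ID/password entries) are captured in the policy model below. This is an added example, not code from the specification or from any gateway firmware; it assumes the lockout is tracked per client (for instance the LAN address the WEB request came from, so that a wrong user ID still counts), uses PBKDF2 with a constructed fixed salt purely to keep the sample self-contained, and takes the clock as an explicit `now` argument so the timings can be exercised deterministically.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAX_FAILURES = 3             # consecutive wrong user ID/password attempts allowed
LOCKOUT_SECONDS = 60         # must wait 1 minute before trying again
IDLE_TIMEOUT_SECONDS = 300   # session dropped after 5 minutes without activity

def pw_hash(password: str) -> bytes:
    # Constructed sample parameters; a real device uses a random per-account salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"sample-salt", 50_000)

@dataclass
class Account:
    role: str           # "admin" or "user": only one live account per role
    username: str
    pw_hash: bytes
    last_seen: float = -1.0   # time of the open session's last request; < 0 = no session

class LoginPolicy:
    def __init__(self, accounts):
        self.accounts = {a.username: a for a in accounts}
        self.failures = {}   # client id -> (consecutive failures, locked_until)

    def session_open(self, acct: Account, now: float) -> bool:
        # The gateway drops a session after 5 minutes of inactivity.
        if acct.last_seen >= 0 and now - acct.last_seen >= IDLE_TIMEOUT_SECONDS:
            acct.last_seen = -1.0
        return acct.last_seen >= 0

    def login(self, client: str, username: str, password: str, now: float) -> str:
        count, locked_until = self.failures.get(client, (0, 0.0))
        if now < locked_until:
            return "locked"
        acct = self.accounts.get(username)
        # Always hash and compare so an unknown user ID is not revealed by timing.
        expected = acct.pw_hash if acct else pw_hash("")
        if not (hmac.compare_digest(expected, pw_hash(password)) and acct is not None):
            count += 1
            if count >= MAX_FAILURES:      # third miss: disconnect and lock for a minute
                self.failures[client] = (0, now + LOCKOUT_SECONDS)
                return "locked"
            self.failures[client] = (count, 0.0)
            return "bad_credentials"
        if self.session_open(acct, now):
            return "already_logged_in"     # each account admits one login at a time
        self.failures.pop(client, None)
        acct.last_seen = now
        return "ok"
```

A request handler would update `last_seen` on every authenticated request and call `session_open` first, so that an idle session is rejected rather than silently revived.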
(2) Administrator account
The administrator account can configure all parameters of the home gateway. In the following situation the administrator account password must be changed through the ACS: when the home gateway connects to the ACS for the first time, the ACS shall issue a random password.
(3) Home gateway user account
The user account is used to view the basic running state of the system and can configure some parameters. Functions and applications available when logged in to the local WEB interface with the user account: some parameters can be configured; the user ID and password of the user account can be changed. Ways of changing the user account's user ID and password: log in to the local WEB interface with the administrator account and change them forcibly;
or log in to the local WEB interface with the user account and change them after the original user ID and password have been verified.
16.2.2. Femto authentication
The Femto base station shall support EAP-AKA/SIM device authentication; the authentication data is stored in the Femto HLR [7].
The authentication key of the Femto base station is controlled by the operator.
16.2.3. Femto mobile terminal user admission authentication
Open mode: no admission authentication is needed; any UE may use the Femto's resources;
Closed mode: only authorised users may use the Femto's resources; the Femto system determines by admission check whether the user is entitled to use them; if the user passes admission control, access is allowed, otherwise it is refused. An unauthorised user may use the Femto's resources when initiating an emergency call.
[7] USIM- or key-based authentication to be adopted, to be confirmed after testing
2013.1.19