针对自动交换光网络光路建立过程中存在的安全威胁，提出了一种高效的安全光路建立协议.该协议使用综合的波长预留策略，通过数字签名和消息反馈等安全机制，对GMPLS RSVP-TE消息中的重要对象进行完整性保护，并可防止内部节点的恶意或自私行为.另外，考虑到自动交换光网络中路由模块和信令模块强耦合的特点，采用OSPF-TE的PKLSA消息分发光路建立协议中所需的节点公钥证书.经仿真实验及分析表明，该协议在保证光通路安全建立的同时，在连接阻塞率、光通路建立时间和消息负载方面都优于原有的RSVP-TE信令协议.

To the point of security threats against lightpath establishment process in ASON, an efficient secure lightpath establishment protocol is presented. This protocol uses integrated strategy of wavelength reservation, and makes use of digital signature and message feedback security mechanisms to protect the integrity of important object in GMPLS RSVP-TE message and prevent malicious or selfish actions from inner node. In addition, in view of the close coupling character of routing and signaling module in ASON, this protocol adopts PKLSA message of OSPF-TE to distribute nodes public key certificate which the lightpath establishment protocol demanded. Through simulation experiment and analysis, it is proved that this protocol can ensure the security of lightpath establishment,and has better performance than the old RSVP-TE protocol in terms of connection block probability, lightpath connection setup time and message overhead.