CN106992986A - A kind of method and system of hybrid authentication - Google Patents
A kind of method and system of hybrid authentication Download PDFInfo
- Publication number
- CN106992986A CN106992986A CN201710239781.3A CN201710239781A CN106992986A CN 106992986 A CN106992986 A CN 106992986A CN 201710239781 A CN201710239781 A CN 201710239781A CN 106992986 A CN106992986 A CN 106992986A
- Authority
- CN
- China
- Prior art keywords
- logical identifier
- physical label
- authentication
- network unit
- optical network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0062—Network aspects
- H04Q11/0067—Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring
Abstract
The embodiments of the invention provide a kind of implementation method of hybrid authentication, methods described includes:Obtain the logical identifier and physical label of optical network unit;Wherein, the logical identifier is the combination LOID+PW of logical identifier LOID or logical identifier and password;Determine the optical network unit whether by certification according to the logical identifier and physical label;Wherein, the certification of the optical network unit passes through when the logical identifier and legal physical label, when the logical identifier and illegal physical label, the authentification failure of the optical network unit.What embodiments of the invention additionally provided a kind of hybrid authentication simultaneously realizes system.
Description
Technical field
The present invention relates to EPON (EPON) system based on Ethernet in network communication field optical network system
Hybrid authentication technology, more particularly to a kind of method and system of hybrid authentication.
Background technology
In order to ensure Ethernet passive optical network (Ethernet Passive Optical Network, EPON) system
Reliability and security, before optical network unit (Optical Network Unit, ONU) normal work, in ONU initialization
During ONU is authenticated to be necessary.The ONU that only certification passes through could complete initialization procedure, and then
Into normal operating conditions.ONU is authenticated, can effectively be controlled for EPON networks, it is to avoid illegal ONU is visited
Ask network.
In the authentication method of current EPON system, there are the physical label for being based solely on ONU, i.e. MAC (medium education)
The method that address is authenticated.Media access control (Media Access Control, MAC) address determines by ONU manufacturers,
Determined when dispatching from the factory.This method is mainly based upon the multiparty control association defined in IEEE 802.3ah and IEEE 802.3av
View is with finding the MAC that (Multi Point Control Protocol Discovery, MPCP Discovery) process is reported
Location is carried out.If it is legal that the ONU reported MAC Address is designated in authentication list, then certification passes through, otherwise authentification failure.
Another authentication method is to be based solely on logical identifier to be authenticated.Logical identifier is by a series of character strings
To identify a kind of ONU method.It can be managed and be distributed by operator.The verification process occurs in MPCP
Discovery and operation management maintainance find (Operation Administration and Maintenance
Discovery, OAM discovery) after process.If optical line terminal (Optical Line Terminal, OLT) from
It is legal that the logical identifier obtained in ONU is designated in authentication list, then certification passes through, otherwise authentification failure.
ONU certifications are carried out separately through the mode of physical label, or ONU are carried out only by way of logical identifier recognizing
Card, in ONU initialization procedures, all can not extraordinary guarantee system security.If the ONU MAC Address of itself and
Other ONU conflicts, but selection logical identifier is authenticated, and in this case, the ONU clashed still can be authenticated
Pass through, it is considered to be legal ONU is operated;If two ONU logical identifier is duplicated, and an ONU is used and patrolled
Collect mark to be authenticated, another ONU is authenticated by physical label, then according to existing flow, the two ONU are
Verification process can be successfully completed, and is finally completed initialization procedure, normal work is carried out.
Thus, ONU is authenticated by single physical label, or ONU carried out by single logical identifier
Certification, all can not fundamentally ensure ONU legitimate authentication, so as to can not effectively ensure normally to access EPON networks.
The content of the invention
In order to solve the above technical problems, the embodiment of the present invention is expected to provide a kind of method and system of hybrid authentication,
Ensure ONU legitimate authentication, it is ensured that the normal access to EPON networks.
The technical proposal of the invention is realized in this way:
First aspect includes there is provided a kind of implementation method of hybrid authentication, methods described:
Obtain the logical identifier and physical label of optical network unit;Wherein, the logical identifier be logical identifier LOID or
The combination LOID+PW of person's logical identifier and password;
Determine the optical network unit whether by certification according to the logical identifier and physical label;Wherein, it is described to patrol
The certification of the optical network unit passes through when collecting mark and legal physical label, and the logical identifier and physical label are illegal
When, the authentification failure of the optical network unit.
It is optionally, described to determine whether the optical network unit certification passes through according to the logical identifier and physical label,
Including:
Using the logical identifier and physical label as an entirety, matched with an authentication list;
When the logical identifier and physical label are matched with the list item in the authentication list, the logical identifier and thing
Reason mark is legal, determines that the optical network unit certification passes through;
When the logical identifier and physical label are mismatched with the list item in the authentication list, the logical identifier and
Physical label is illegal, determines the optical network unit authentification failure.
Optionally, the physical address is media access control MAC, and each single item in the authentication list is by the MAC
Address is constituted with the LOID;
Or, each single item in the authentication list is made up of the MAC Address with the LOID+PW.
It is optionally, described that whether the optical network unit is determined by certification according to the logical identifier and physical label,
Including:
The logical identifier and physical label are sent to NM server;Wherein, the logical identifier and physical label are used
The optical network unit is authenticated in the NM server;
Receive the authentication response that the NM server is sent;Wherein, the authentication response includes authentication result, and is
What the NM server was sent after being authenticated to the optical network unit;
When the authentication result is certification success, determine that the optical network unit certification passes through;
When the authentication result is authentification failure, the optical network unit authentification failure is determined.
Optionally, methods described also includes:
If the optical network unit authentification failure, it is authentification failure to identify the optical network unit.
Second aspect includes there is provided a kind of implementation method of hybrid authentication, methods described:
Receive the logical identifier and physical label for the optical network unit that optical line terminal is sent;Wherein, the logical identifier
For the logical identifier LOID or combination LOID+PW of logical identifier and password;
The optical network unit is authenticated according to the logical identifier and physical label;
When the logical identifier and legal physical label, determine that the optical network unit certification passes through;
When the logical identifier and illegal physical label, the optical network unit authentification failure is determined;
Send comprising certification by or authentification failure authentication response to the optical line terminal.
Optionally, it is described that the optical network unit is authenticated according to the logical identifier and physical label, including:
Using the logical identifier and physical label as an entirety, matched with an authentication list;
When the logical identifier and physical label are matched with the list item in the authentication list, the logical identifier is determined
It is legal with physical label;
When the logical identifier and physical label are mismatched with the list item in the authentication list, the logic mark is determined
Know and physical label is illegal.
Optionally, the physical address is media access control MAC, and each single item in the authentication list is by the MAC
Address is constituted with the LOID;
Or, each single item in the authentication list is made up of the MAC Address with the LOID+PW.
A kind of third aspect, hybrid authentication realizes system, and the system includes:Parameter collection module and authentication module,
Wherein:
The parameter collection module, logical identifier and physical label for obtaining optical network unit;Wherein, the logic
It is designated the combination LOID+PW of logical identifier LOID or logical identifier and password;
The authentication module, for being authenticated to the logical identifier and physical label, when the logical identifier and thing
When reason mark is legal, the optical network unit certification passes through, otherwise, the optical network unit authentification failure.
Optionally, the authentication module, for using the logical identifier and physical label as an entirety, with a certification
List is matched, when the logical identifier and physical label are matched with the list item in the authentication list, the logic mark
Know and physical label is legal, otherwise, the logical identifier and physical label are illegal.
Optionally, the physical address is media access control MAC, and each single item in the authentication list is by the MAC
Address is constituted with the LOID;
Or, each single item in the authentication list is made up of the MAC Address with the LOID+PW.
Optionally, the parameter collection module and the authentication module are optical line terminal.
Optionally, the parameter collection module is optical line terminal, and the authentication module is NM server, wherein:
The optical line terminal, for the logical identifier and physical label to be sent into NM server.
Optionally, the authentication module, if being additionally operable to the optical network unit authentification failure, identifies the optical network unit
For authentification failure.
The method and system for the hybrid authentication that embodiments of the invention are provided, passes through binding O NU physical label
It is an entirety with logical identifier, ONU is authenticated, whole ONU verification process can be made relatively reliable, safety can also
Fundamentally solve it is single be authenticated by physical label or by logical identifier be authenticated may caused by safety
The hidden danger of aspect.
Brief description of the drawings
Fig. 1 is OLT and ONU topology diagrams;
Fig. 2 be OLT as authenticating party when, for ONU carry out hybrid authentication flow chart;
Fig. 3 be NMS server as authenticating party when, for ONU carry out hybrid authentication flow chart.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described.
The present invention core concept be:It is authenticated simultaneously according to ONU physical label and logical identifier.
The hybrid authentication method that the present invention is provided includes:
MPCP discovery interactions are completed between S101, OLT and ONU, OLT obtains ONU physical label, this reality
It is MAC Address to apply physical label in example.
OAM discovery interactions are completed between S102, OLT and ONU.
S103, OLT obtain ONU logical identifier by related management passage.
S104, OLT using the ONU got physical label and logical identifier as an entirety, in associated packet containing ONU's
It is authenticated in the authentication list of the parameter pair of physical label and logical identifier.
If the ONU that S105, OLT are got physical label and logical identifier are as an entirety, in authentication list
It is legal to be designated, i.e., when described logical identifier and physical label are matched with the list item in the authentication list, the logical identifier
Legal with physical label, the ONU certifications pass through, and proceed follow-up initialization procedure;Otherwise, ONU authentification failures, ONU
Related initialization procedure stops.
In addition, the authentication list comprising ONU relevant authentication informations may reside on OLT, system can also be present in
On NM server (Network Management Server, NMS).When authentication list is on NMS, OLT is getting
ONU physical label and logical identifier is sent to NMS, and physical label and logical identifier are authenticated by NMS, i.e., described logic
Mark and physical label are matched as an entirety with NMS authentication list, when the logical identifier and physical label and
When list item in the authentication list is matched, the logical identifier and physical label are legal, and the ONU certifications pass through, otherwise, institute
State logical identifier and physical label is illegal, the ONU authentification failures.
Alternatively, it is also possible to be authenticated respectively to physical label and logical identifier, when physical label is legal, and logical identifier
When legal, the ONU certifications pass through, otherwise, the ONU authentification failures.
Taken as shown in figure 1, OLT connects ONU, OLT and ONU by optical splitter (splitter) as an entity by NMS
Business device is managed.
Embodiment one
OLT carries out hybrid authentication as authentication side to ONU, as shown in Fig. 2 including:
S201, on OLT configure or issued by NMS server on ONU physical labels i.e. MAC Address and logic mark
Know (Logical Identification are abbreviated as LOID or LOID+Password, are abbreviated as LOID+PW), i.e. LOID/
(LOID+PW) the legal authentication list of binding is to OLT.Each single item in the authentication list is by MAC Address and LOID, Huo Zheyou
MAC Address is constituted with LOID+PW.
The MPCP DISCOVERY defined in IEEE802.3ah or IEEE802.3av are completed between S202, OLT and ONU
Interaction, OLT obtains ONU physical label, i.e. ONU local mac address from the interaction.
The OAM DISCOVERY defined in IEEE802.3ah or IEEE802.3av are completed between S203, OLT and ONU
Friendship process.
S204, OLT initiate certification request, acquisition request ONU logical identifier by the management passage between OLT and ONU
(LOID/(LOID+PW))。
S205, ONU respond OLT request message by the management passage between OLT and ONU, return to ONU logical identifier
(LOID/LOID+PW)。
S206, OLT are obtained after the logical identifier of ONU physical label sum, the physical label and logical identifier of the ONU
(i.e. MAC Address and LOID/LOID+PW) is authenticated as a certification entity in the local authentication lists of OLT, if
Certification passes through, i.e. the ONU that OLT is got physical label and logical identifier are matched with the list item of the authentication list in OLT, then are recognized
It is legal for the physical label and logical identifier of the ONU, identify the ONU and pass through (" authenticated ") for certification.
S207, ONU are completed after follow-up initialization procedure, and service is obtained from service provider by OLT.The control of response
Message and data flow through OLT normal process between ONU and SP.
If the physical label for the ONU that S208, authentification failure, i.e. OLT are got is used as a certification plus logical identifier
List item in authentication list in entity, and OLT is mismatched, then it is assumed that the ONU authentification failures, OLT identifies the ONU and lost for certification
Lose (" unauthenticated ");Because authentification failure, so that ONU can not obtain response service from service provider.
Embodiment two
NMS server carries out hybrid authentication as authentication side to ONU, as shown in figure 3, including:
The MPCP DISCOVERY defined in IEEE802.3ah or IEEE802.3av are completed between S301, OLT and ONU
Interaction, OLT obtains ONU physical label, i.e. ONU local mac address from this interaction.
The OAM DISCOVERY defined in IEEE802.3ah or IEEE802.3av are completed between S302, OLT and ONU
Friendship process.
S303, OLT initiate authentication request message (Auth-Request), request by the management passage between OLT and ONU
Obtain ONU logical identifier (LOID/LOID+PW).
S304, ONU respond OLT request message by the management passage between OLT and ONU, return to ONU logical identifier
(LOID/LOID+PW)。
S305, OLT are obtained after ONU physical label and logical identifier, the physical label and logical identifier of the ONU (i.e.
MAC Address and LOID/LOID+PW) it is used as a certification entity;OLT is sent out by the management passage between OLT and NMS server
Play the physical label (i.e. MAC Address) and logical identifier for including ONU in certification request, certification request, the certification of NMS server
Be authenticated in list, each single item in authentication list in NMS server by ONU MAC Address and LOID/LOID+PW
Composition.
S306, NMS server send authentication response, certification by the management passage between NMS server and OLT to OLT
Authentication result is included in response.
S307, OLT receive the authentication response from NMS server, if authentication result is success (certification success),
That is the physical label and logical identifier for the ONU that OLT is got are matched with the list item of the authentication list in NMS, then it is assumed that the ONU's
Physical label and logical identifier are legal, then identify the ONU and pass through (" authenticated ") for certification.
S308, ONU are completed after follow-up initialization procedure, and service is obtained from service provider by OLT.The control of response
Message and data flow through OLT normal process between ONU and SP.
If S309, OLT receive the authentication response from NMS server for fail (authentification failure), then it is assumed that certification is lost
Lose, i.e. the physical label for the ONU that OLT is got is plus certification row of the logical identifier as a certification entity, and NMS server
Certification list item in table is mismatched, then it is assumed that the ONU authentification failures, and OLT identifies the ONU for (" unauthenticated ").
Because authentification failure, so that ONU can not obtain response service from service provider.
In summary, for that may be present in the existing authentication method in the ONU initialization procedures in EPON system
Potential safety hazard, by hybrid authentication method, i.e., recognizes ONU physical label and logical identifier as a certification entity
Card, can solve problem present in current authentication method, make EPON networks more safe and reliable to a certain extent.Together
When do not increase the complexity that current system is realized again.
Meanwhile, by the invention it is possible to control OLT is linked simultaneously ONU authentication reliability in itself and be linked across OLT
ONU authentication reliability.
The present invention also provides a kind of hybrid authentication and realizes system, including parameter collection module and authentication module, wherein:
The parameter collection module, logical identifier and physical label for obtaining optical network unit.
The authentication module, for being authenticated to the logical identifier and physical label, when the logical identifier and thing
When reason mark is legal, the optical network unit certification passes through, otherwise, the optical network unit authentification failure.
Wherein, the authentication module, for the logical identifier and physical label, as an entirety, to be arranged with a certification
Table is matched, when the logical identifier and physical label are matched with the list item in the authentication list, the logical identifier
Legal with physical label, otherwise, the logical identifier and physical label are illegal.
Wherein, the parameter collection module and the authentication module are optical line terminal.
Wherein, the parameter collection module is optical line terminal, and the authentication module is NM server:
The optical line terminal, is additionally operable to the logical identifier and physical label being sent to NM server.
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for the skill of this area
For art personnel, the present invention can have various modifications and variations.Within the spirit and principles of the invention, that is made any repaiies
Change, equivalent substitution, improvement etc., should be included in the scope of the protection.
Claims (14)
1. a kind of implementation method of hybrid authentication, it is characterised in that methods described includes:
Obtain the logical identifier and physical label of optical network unit;Wherein, the logical identifier is logical identifier LOID or patrolled
Collect mark and the combination LOID+PW of password;
Determine the optical network unit whether by certification according to the logical identifier and physical label;Wherein, the logic mark
The certification of the optical network unit passes through when knowledge and physical label are legal, when the logical identifier and illegal physical label, institute
State the authentification failure of optical network unit.
2. according to the method described in claim 1, it is characterised in that described that institute is determined according to the logical identifier and physical label
State whether optical network unit certification passes through, including:
Using the logical identifier and physical label as an entirety, matched with an authentication list;
When the logical identifier and physical label are matched with the list item in the authentication list, logical identifier and the physics mark
It is legal to know, and determines that the optical network unit certification passes through;
When the logical identifier and physical label are mismatched with the list item in the authentication list, the logical identifier and physics
Mark is illegal, determines the optical network unit authentification failure.
3. method according to claim 2, it is characterised in that the physical address is media access control MAC, described to recognize
Each single item in card list is made up of the MAC Address with the LOID;
Or, each single item in the authentication list is made up of the MAC Address with the LOID+PW.
4. according to the method described in claim 1, it is characterised in that described that institute is determined according to the logical identifier and physical label
Optical network unit is stated whether by certification, including:
The logical identifier and physical label are sent to NM server;Wherein, the logical identifier and physical label are used for institute
NM server is stated to be authenticated the optical network unit;
Receive the authentication response that the NM server is sent;Wherein, the authentication response includes authentication result, and is described
What NM server was sent after being authenticated to the optical network unit;
When the authentication result is certification success, determine that the optical network unit certification passes through;
When the authentication result is authentification failure, the optical network unit authentification failure is determined.
5. the method according to claim 1,2 or 4, it is characterised in that methods described also includes:
If the optical network unit authentification failure, it is authentification failure to identify the optical network unit.
6. a kind of implementation method of hybrid authentication, it is characterised in that methods described includes:
Receive the logical identifier and physical label for the optical network unit that optical line terminal is sent;Wherein, the logical identifier is to patrol
Collect the combination LOID+PW of mark LOID or logical identifier and password;
The optical network unit is authenticated according to the logical identifier and physical label;
When the logical identifier and legal physical label, determine that the optical network unit certification passes through;
When the logical identifier and illegal physical label, the optical network unit authentification failure is determined;
Send comprising certification by or authentification failure authentication response to the optical line terminal.
7. method according to claim 6, it is characterised in that it is described according to the logical identifier and physical label to described
Optical network unit is authenticated, including:
Using the logical identifier and physical label as an entirety, matched with an authentication list;
When the logical identifier and physical label are matched with the list item in the authentication list, the logical identifier and thing are determined
Reason mark is legal;
When the logical identifier and physical label are mismatched with the list item in the authentication list, determine the logical identifier and
Physical label is illegal.
8. method according to claim 7, it is characterised in that the physical address is media access control MAC, described to recognize
Each single item in card list is made up of the MAC Address with the LOID;
Or, each single item in the authentication list is made up of the MAC Address with the LOID+PW.
9. a kind of hybrid authentication realizes system, it is characterised in that the system includes:Parameter collection module and authentication module,
Wherein:
The parameter collection module, logical identifier and physical label for obtaining optical network unit;Wherein, the logical identifier
For the logical identifier LOID or combination LOID+PW of logical identifier and password;
The authentication module, for being authenticated to the logical identifier and physical label, when the logical identifier and physics mark
When knowing legal, the optical network unit certification passes through, otherwise, the optical network unit authentification failure.
10. system according to claim 9, it is characterised in that the authentication module, for by the logical identifier and thing
Reason mark is matched as an entirety with an authentication list, when the logical identifier and physical label and certification row
When list item in table is matched, the logical identifier and physical label are legal, otherwise, and the logical identifier and physical label do not conform to
Method.
11. system according to claim 10, it is characterised in that the physical address is media access control MAC, described
Each single item in authentication list is made up of the MAC Address with the LOID;
Or, each single item in the authentication list is made up of the MAC Address with the LOID+PW.
12. according to any described system of claim 9~11, it is characterised in that the parameter collection module and the certification
Module is optical line terminal.
13. according to any described system of claim 9~11, it is characterised in that the parameter collection module is that optical link is whole
End, the authentication module is NM server, wherein:
The optical line terminal, for the logical identifier and physical label to be sent into NM server.
14. according to any described system of claim 9~11, it is characterised in that
The authentication module, if being additionally operable to the optical network unit authentification failure, it is authentification failure to identify the optical network unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710239781.3A CN106992986A (en) | 2010-02-25 | 2010-02-25 | A kind of method and system of hybrid authentication |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010122940XA CN102170421A (en) | 2010-02-25 | 2010-02-25 | Method and system for realizing mixed authentication |
| CN201710239781.3A CN106992986A (en) | 2010-02-25 | 2010-02-25 | A kind of method and system of hybrid authentication |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010122940XA Division CN102170421A (en) | 2010-02-25 | 2010-02-25 | Method and system for realizing mixed authentication |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106992986A true CN106992986A (en) | 2017-07-28 |
Family
ID=44491399
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010122940XA Pending CN102170421A (en) | 2010-02-25 | 2010-02-25 | Method and system for realizing mixed authentication |
| CN201710239781.3A Pending CN106992986A (en) | 2010-02-25 | 2010-02-25 | A kind of method and system of hybrid authentication |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010122940XA Pending CN102170421A (en) | 2010-02-25 | 2010-02-25 | Method and system for realizing mixed authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN102170421A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107919917A (en) * | 2017-12-29 | 2018-04-17 | 武汉长光科技有限公司 | A kind of method for preventing illegal ONU registrations from reaching the standard grade |
| CN108184176A (en) * | 2017-12-30 | 2018-06-19 | 武汉长光科技有限公司 | A kind of method for preventing illegal optical module access OLT |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102832997B (en) * | 2012-09-12 | 2016-04-20 | 上海斐讯数据通信技术有限公司 | A kind of authentication method of ONU equipment and Ethernet passive optical network system |
| CN103905301B (en) * | 2012-12-28 | 2017-05-03 | 上海贝尔股份有限公司 | Method for configuring optical network unit in passive optical network |
| CN103916271B (en) * | 2014-03-25 | 2017-04-12 | 烽火通信科技股份有限公司 | Method and device for switching multiple ONU authentication modes in PON system |
| EP3255836B1 (en) | 2015-05-29 | 2019-05-22 | Huawei Technologies Co., Ltd. | Optical network unit authentication method, optical line terminal and optical network unit |
| CN104902354A (en) * | 2015-06-18 | 2015-09-09 | 深圳市新格林耐特通信技术有限公司 | Flexible and safe ONT authentication method in GPON system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040109688A1 (en) * | 2002-12-10 | 2004-06-10 | Chan Kim | Apparatus for executing multi-point control protocol in Ethernet passive optical network |
| CN1531246A (en) * | 2003-03-10 | 2004-09-22 | 三星电子株式会社 | Method and device for identification in passive optical ether network |
| CN101064599A (en) * | 2006-04-26 | 2007-10-31 | 华为技术有限公司 | Method and system for optical network authentication, cipher key negotiation method and system and optical line terminal and optical network unit |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP5105942B2 (en) * | 2007-04-13 | 2012-12-26 | 三菱電機株式会社 | ONU automatic registration method |
| ATE515861T1 (en) * | 2007-07-25 | 2011-07-15 | Nokia Siemens Networks Oy | METHOD FOR ADDRESSING ETHERNET STREAMS WITH STRUCTURED GPON GEM PORT ID |
-
2010
- 2010-02-25 CN CN201010122940XA patent/CN102170421A/en active Pending
- 2010-02-25 CN CN201710239781.3A patent/CN106992986A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040109688A1 (en) * | 2002-12-10 | 2004-06-10 | Chan Kim | Apparatus for executing multi-point control protocol in Ethernet passive optical network |
| CN1531246A (en) * | 2003-03-10 | 2004-09-22 | 三星电子株式会社 | Method and device for identification in passive optical ether network |
| CN101064599A (en) * | 2006-04-26 | 2007-10-31 | 华为技术有限公司 | Method and system for optical network authentication, cipher key negotiation method and system and optical line terminal and optical network unit |
Non-Patent Citations (2)
| Title |
|---|
| 王一蓉等: "《EPON系统安全性分析与安全策略》", 《电力系统通信》 * |
| 王德年: "《网络设备应用技术》", 31 May 2007 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107919917A (en) * | 2017-12-29 | 2018-04-17 | 武汉长光科技有限公司 | A kind of method for preventing illegal ONU registrations from reaching the standard grade |
| CN108184176A (en) * | 2017-12-30 | 2018-06-19 | 武汉长光科技有限公司 | A kind of method for preventing illegal optical module access OLT |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102170421A (en) | 2011-08-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106992986A (en) | A kind of method and system of hybrid authentication | |
| JP5354556B2 (en) | Method and apparatus for authentication in a passive optical network and its passive optical network | |
| EP2007063A1 (en) | A user authentication method, apparatus and system for passive optical network | |
| CN110460371B (en) | Optical resource checking method and system | |
| CN101174952B (en) | Automatic authentication method and device for IPTV service | |
| CN101102188A (en) | A method and system for mobile access to VLAN | |
| CN105007186A (en) | EPON-based FTTH terminal automatic configuration method and system | |
| CN107864162A (en) | Convergence gateway dual system and its communication security guard method | |
| CN102868943A (en) | Method for acquiring association between PON ports, optical network device and optical network system | |
| WO2016110150A1 (en) | Method and device for controlling access capability of illegal manufacturer onu in gpon system | |
| WO2016191942A1 (en) | Optical network unit authentication method, optical line terminal and optical network unit | |
| CN104584478A (en) | Method, apparatus and system for terminal authentication in passive optical network | |
| CN102571353A (en) | Method for verifying legitimacy of home gateway in passive optical network | |
| JP2008028922A (en) | Authentication method in network system, authentication apparatus, and apparatus to be authenticated | |
| CN106162387A (en) | The certification register method of soft exchange module, Apparatus and system | |
| CN103841537B (en) | The managing and control system and method for WLAN Metropolitan Area Network (MAN)s are disposed using home gateway | |
| CN112929387B (en) | Broadband network multiple authentication and encryption method applied to intelligent community | |
| CN101267340B (en) | A SN theft prevention authentication method | |
| CN102832997B (en) | A kind of authentication method of ONU equipment and Ethernet passive optical network system | |
| CN109120334B (en) | Optical fiber position determining method and device, network element, storage medium and processor | |
| CN103166756A (en) | Method for carrying out authentication announcing on optical network unit and corresponding equipment | |
| CN106358188B (en) | A kind of link switch-over method, apparatus and system | |
| CN108964752A (en) | A kind of passive optical-fiber network terminal certificate authentication system and method | |
| CN105871615B (en) | Method and system for displaying registration information | |
| CN101998180B (en) | Method and system for supporting version compatibility between optical line terminal and optical network unit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170728 |
|
| RJ01 | Rejection of invention patent application after publication |