WO2009089708A1 - Passive optical network system, optical line terminal, and method for generating and authenticating authentication information - Google Patents

Passive optical network system, optical line terminal, and method for generating and authenticating authentication information Download PDF

Info

Publication number
WO2009089708A1
WO2009089708A1 PCT/CN2008/073409 CN2008073409W WO2009089708A1 WO 2009089708 A1 WO2009089708 A1 WO 2009089708A1 CN 2008073409 W CN2008073409 W CN 2008073409W WO 2009089708 A1 WO2009089708 A1 WO 2009089708A1
Authority
WO
WIPO (PCT)
Prior art keywords
ranging
authentication
information
line terminal
optical line
Prior art date
Application number
PCT/CN2008/073409
Other languages
French (fr)
Chinese (zh)
Inventor
Junling Hu
Peilong Tan
Original Assignee
Shenzhen Huawei Communication Technologies Co. , Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Huawei Communication Technologies Co. , Ltd. filed Critical Shenzhen Huawei Communication Technologies Co. , Ltd.
Publication of WO2009089708A1 publication Critical patent/WO2009089708A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04JMULTIPLEX COMMUNICATION
    • H04J3/00Time-division multiplex systems
    • H04J3/16Time-division multiplex systems in which the time allocation to individual channels within a transmission cycle is variable, e.g. to accommodate varying complexity of signals, to vary number of channels transmitted
    • H04J3/1694Allocation of channels in TDM/TDMA networks, e.g. distributed multiplexers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q11/00Selecting arrangements for multiplex systems
    • H04Q11/0001Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062Network aspects
    • H04Q11/0067Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q11/00Selecting arrangements for multiplex systems
    • H04Q11/0001Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062Network aspects
    • H04Q2011/0088Signalling aspects

Definitions

  • the present invention relates to the field of PON (Passive Optical Network) technology. More specifically, the present invention relates to a passive optical network system, an optical line terminal, and an authentication information generation and authentication method. Background technique
  • a PON network usually includes an optical line termination (OLT) at a central office, and a series of user equipments located at the customer premises. , usually an Optical Network Unit/Optical Network Termination (ONU/ONT), and an optical distribution network composed of an optical fiber, a passive optical splitter or a coupler between the OLT and the customer equipment. (ODN, Optical Distribution Network).
  • ODN optical Distribution Network
  • the essential feature is that the ODN is composed entirely of passive components.
  • the passive optical splitters and couplers only serve to transmit and limit light, without power supply and information processing, and have an unrestricted mean time between failures, passive.
  • the characteristics of the network make the network deployment more flexible, without the need for the equipment room and power supply; the characteristics of the shared optical fiber can save a lot of optical fiber resources, making the access network line cost lower; and the structure of the pure optical medium, the transparent optical fiber broadband network, makes Future business expansion maintains the security of the technology.
  • the operator wants to limit the scope of use of the user equipment. That is, if the relocation procedure is not performed, the user equipment used under one port of the PON network cannot be migrated to another port. in use.
  • the current PON network system is difficult to perform line bonding like Digital Subscriber Line (DSL).
  • DSL Digital Subscriber Line
  • the OLT is very Hard to detect.
  • the prior art utilizes the ranging function unique to the PON network to identify the user equipment.
  • the ranging function provided by the PON network refers to: the distance between the user equipment and the central office OLT device can be measured through the interaction of the related packets. In general, the error is around 3-10 meters. This distance is proportional to the value of the round trip time (RTT, Round Trip Time) of the client device.
  • RTT Round Trip Time
  • the authentication information of the end device is bound as a fixed identification information of the user.
  • the OLT device of the local end OLT device can discover the RTT value of the user's current login, and the previously bound RTT. The value is inconsistent. According to this, the user can be denied login or an alarm is generated to remind the maintenance personnel to pay attention to protect the network user right of the legitimate user.
  • each branch of the PON required in the above solution is different, and for example, the minimum gap of each branch may be required to be about 10 m, which complicates the wiring engineering.
  • the technical problem to be solved by the embodiments of the present invention is to provide a passive optical network system, an optical line terminal, and an authentication information generation and authentication method, so that the PON client device can be bound to a line, and the wiring process is relatively simple.
  • a method for generating authentication information including:
  • An authentication method including:
  • An optical line terminal includes:
  • a ranging execution unit configured to perform ranging between the user equipment and the optical line terminal
  • the ranging authentication information generating unit is configured to generate ranging authentication information between the user equipment and the optical line terminal according to the ranging result of the ranging execution unit to the plurality of ranging when the ranging authentication information is generated;
  • a ranging authentication decision information generating unit configured to generate ranging authentication decision information between the user equipment and the optical line terminal according to the authentication decision ranging result of the round trip ranging from the ranging execution unit when the authentication decision is initiated;
  • the authentication decision unit is configured to compare the ranging authentication determination information generated by the ranging authentication decision information generating unit with the ranging authentication information stored by the authentication information storage unit to determine an authentication result.
  • a passive optical network system comprising: a client equipment and an optical line terminal, wherein the optical line terminal comprises:
  • a ranging execution unit configured to perform ranging between the user equipment and the optical line terminal
  • the ranging authentication information generating unit is configured to generate ranging authentication information between the user equipment and the optical line terminal according to the ranging result of the ranging execution unit to the plurality of ranging when the ranging authentication information is generated;
  • a ranging authentication decision information generating unit configured to generate ranging authentication decision information between the user equipment and the optical line terminal according to the authentication decision ranging result of the round trip ranging from the ranging execution unit when the authentication decision is initiated;
  • the authentication decision unit is configured to compare the ranging authentication determination information generated by the ranging authentication decision information generating unit with the ranging authentication information stored by the authentication information storage unit to determine an authentication result.
  • the PON client device and the line can be bound, and when the bound user equipment is authenticated, Performing round trip multiple ranging between the user equipment and the optical line terminal and obtaining a round trip multiple authentication decision ranging result; generating measurement information between the user equipment and the optical line terminal according to the round trip multiple authentication decision ranging result; Finally, the ranging authentication decision information is compared with the ranging authentication information to determine an authentication result.
  • FIG. 1 is a flowchart of an authentication method according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of an embodiment of a passive optical network system according to an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of an embodiment of an authentication decision unit in the user equipment shown in FIG. detailed description
  • the figure is a main flowchart of an authentication method according to an embodiment of the present invention.
  • the PON client device and the line binding depend on the unauthentication process between each branch line and the OLT, including the following steps:
  • Step S101 Round-trip multiple ranging between the optical network terminal and the optical line terminal, and obtain a round-trip multiple authentication decision ranging result.
  • the authentication decision ranging result may be a distance of multiple round trips, or may be a round trip time of multiple round trips;
  • Step S102 Generate ranging authentication decision information between the optical network terminal and the optical line terminal according to the round-trip multiple authentication decision ranging result, where the distance between the optical network terminal and the optical line terminal is differentiated and amplified. Performing a function operation on the authentication decision ranging result to expand the line length difference, for example, adding or multiplying the round-trip multiple authentication decision ranging result; wherein, the ranging authentication decision information may It is the distance authentication information of the round trip multiple ranging, and may also be the round trip time information of the round trip multiple ranging;
  • the specific implementation may include:
  • the ranging authentication information is ranging authentication information that is differentiated and amplified by a distance between the user equipment and the optical line terminal.
  • the ranging authentication information is distance authentication information for round trip multiple ranging;
  • the secondary authentication ranging result is a round trip time of round trip multiple ranging, and the ranging authentication information is round trip time authentication information of round trip multiple ranging.
  • Step S104 comparing the ranging authentication decision information with the ranging authentication information to determine an authentication result. For specific implementation, for example, comparing the ranging authentication decision information with the ranging authentication information; determining whether the comparison result is Within the scope of certification, if the judgment result is yes, it is determined that the certification is passed, and no, it is determined that the certification has not passed.
  • the authentication information may be obtained by multiple ranging when the user equipment is first logged in, for example, after the ONT is opened, or may be obtained by multiple ranging after the user equipment, for example, the ONT is opened online (not the first time after the account is opened).
  • the number of times of ranging ranging information and ranging authentication decision information is preferably the same for multiple ranging to ensure a small error.
  • FIG. 2 is a schematic structural diagram of a passive optical network system according to an embodiment of the present invention.
  • the passive optical network system of the present embodiment mainly includes: a user equipment 1 and an optical line terminal 2, wherein the user equipment 1 may be an optical network terminal or an optical network unit;
  • the optical line terminal 2 in this embodiment may include:
  • the ranging execution unit 21 is configured to perform ranging between the user equipment and the optical line terminal;
  • the ranging authentication information generating unit 22 is configured to generate ranging authentication information between the user equipment and the optical line terminal according to the ranging result of the ranging execution unit to the plurality of ranging when the ranging authentication information is generated, for example, reference In the foregoing description, the ranging authentication information may be ranging authentication information of a distance difference amplification process between the user equipment and the optical line terminal;
  • the authentication information storage unit 23 is configured to store ranging authentication information that is different from the distance between the user equipment and the optical line terminal;
  • the ranging authentication decision information generating unit 24 is configured to generate a distance-differentiated ranging between the user equipment and the optical line terminal according to the authentication decision ranging result of the round-trip multiple ranging of the ranging performing unit 21 when the authentication decision is initiated.
  • the authentication decision information for example, referring to the foregoing description, the ranging authentication decision information may be ranging authentication decision information of a distance difference amplification process between the user equipment and the optical line terminal; and an authentication decision unit 25, configured to use the ranging
  • the ranging authentication decision information generated by the authentication decision information generating unit 24 is compared with the ranging authentication information stored by the authentication information storage unit 23 to determine an authentication result.
  • the authentication determining unit 25 A specific embodiment can include:
  • the comparing unit 251 is configured to compare the ranging authentication decision information with the ranging authentication information;
  • the determining unit 252 is configured to determine whether the comparison result is within the authentication range. If the determination result is yes, it is determined that the authentication is passed. Otherwise, it is determined that the authentication fails, the online can be rejected, or an alarm log is generated, and the maintenance personnel is prompted to perform the confirmation processing. Etc., no longer detailed here.
  • the ranging authentication judgment information generating unit 24 generates the measurement.
  • the authentication judgment information may be distance authentication judgment information for round trip multiple ranging.
  • the ranging authentication judgment information generated by the ranging authentication decision information generating unit 24 may be more round trips. Round trip time authentication decision information for secondary ranging.
  • the passive optical network system, the optical line terminal, the authentication information generation and the authentication method of the embodiment can be used to bind the PON client device and the line, and when the user equipment is authenticated, the user terminal is authenticated.
  • obtaining the distance-authenticated ranging authentication information of the pre-stored user equipment and the optical line terminal and finally comparing the ranging authentication decision information with the ranging authentication information to determine an authentication result.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Abstract

A passive optical network system, a optical line terminal, a method for generating and authtenticating authentication information are provided. The method for authentifying determines the multiple cyclic ranging results and acquires the multiple cylic ranging between a subscriber end device and an optical line terminal; generating the ranging authentication determining information between the subscriber end device and the optical line terminal according to the cyclic multiple ranging determining results; then obtaining the ranging authentication information for prestored information between the subscriber end device and the optical line terminal; finally, comparing the ranging authentication determining information and the ranging authentication information so as to confirm the authentication results. According to one embodiment of the present invention, enlarging the difference corresponding to the value obtained by multiple ranging, when setting lines in the optical distribution network, avoids the need for ensuring the minimum gap between an optical line terminal offset length, thus simplifying the setting line process.

Description

无源光网络系统、 光线路终端、 认证信息生成及认证方法 本申请要求于 2007 年 12 月 19 曰提交中国专利局、 申请号为 200710032704.7、 发明名称为 "无源光网络系统、 光线路终端、 认证信息生成及 认证方法" 的中国专利申请的优先权, 其全部内容通过引用结合在本申请中。 技术领域  Passive optical network system, optical line terminal, authentication information generation and authentication method The present application claims to be filed on December 19, 2007, the Chinese Patent Office, the application number is 200710032704.7, and the invention name is "passive optical network system, optical line terminal, The priority of the Chinese patent application of the "Certification Information Generation and Authentication Method" is hereby incorporated by reference in its entirety. Technical field
本发明涉及无源光网络 ( PON, Passive Optical Network )技术领域, 更具 体的说, 本发明涉及一种无源光网络系统、 光线路终端、 认证信息生成及认证 方法。 背景技术  The present invention relates to the field of PON (Passive Optical Network) technology. More specifically, the present invention relates to a passive optical network system, an optical line terminal, and an authentication information generation and authentication method. Background technique
PON技术是为了支持点到多点的应用发展起来的光接入技术,一般的, PON 网络通常包括位于中心局的光线路终端 (OLT, Optical Line Termination ), 一系 列位于用户驻地的用户端设备, 通常为光网络单元 /光网络终端 (ONU/ONT, Optical Network Unit/Optical Network Termination ), 以及在所述的 OLT和用户端 设备中间由光纤、 无源分光器或耦合器构成的光分配网络 ( ODN , Optical Distribution Network )。 其本质特征为 ODN全部由无源器件组成, 无源的分光器 和耦合器只起到传递和限制光的作用, 不需要供电和信息处理, 而且具有不受 限制的平均故障间隔时间, 无源的特性使得网络布放更加灵活, 无需机房和电 源等; 共享光纤的特性能够节省大量的光纤资源, 使得接入网线路成本更低; 而纯光介质的结构, 透明的光纤宽带网络, 使得对未来业务扩展保持了技术的 安全性。  PON technology is an optical access technology developed to support point-to-multipoint applications. Generally, a PON network usually includes an optical line termination (OLT) at a central office, and a series of user equipments located at the customer premises. , usually an Optical Network Unit/Optical Network Termination (ONU/ONT), and an optical distribution network composed of an optical fiber, a passive optical splitter or a coupler between the OLT and the customer equipment. (ODN, Optical Distribution Network). The essential feature is that the ODN is composed entirely of passive components. The passive optical splitters and couplers only serve to transmit and limit light, without power supply and information processing, and have an unrestricted mean time between failures, passive. The characteristics of the network make the network deployment more flexible, without the need for the equipment room and power supply; the characteristics of the shared optical fiber can save a lot of optical fiber resources, making the access network line cost lower; and the structure of the pure optical medium, the transparent optical fiber broadband network, makes Future business expansion maintains the security of the technology.
通常, 在 PON网络的业务运营过程中, 运营商希望能够限制用户端设备的 使用范围, 即如果没有办理迁户手续, 在 PON网络某一端口下使用的用户端设 备迁移到另外的端口是无法使用的。  Generally, during the service operation of a PON network, the operator wants to limit the scope of use of the user equipment. That is, if the relocation procedure is not performed, the user equipment used under one port of the PON network cannot be migrated to another port. in use.
但目前的 PON网络系统由于其点对多点的特性, 难以进行像数字用户线 ( DSL, Digital Subscriber Line )那样的线路绑定, 用户端设备移到无源分光器 的其他分支时, OLT很难察觉。 为此, 现有技术利用 PON网络特有的测距功能来识别用户端设备, PON网 络提供的测距功能是指:可以通过相关报文的交互测量出用户端设备到局端 OLT 设备的距离, 一般的, 误差在 3-10米左右。 此距离和该用户端设备的往返时间 ( RTT, Round Trip Time )值成正比关系。 利用此功能, 可以在用户开户后第一 次登陆 PON网络, 或者指定某次登陆 PON网络时, 把 PON网络测得的该用户端 设备的 RTT值记录在局端 OLT设备中, 并和该用户端设备的认证信息绑定, 作为 该用户的一个固定识别信息。 However, due to its point-to-multipoint nature, the current PON network system is difficult to perform line bonding like Digital Subscriber Line (DSL). When the client equipment moves to other branches of the passive optical splitter, the OLT is very Hard to detect. For this reason, the prior art utilizes the ranging function unique to the PON network to identify the user equipment. The ranging function provided by the PON network refers to: the distance between the user equipment and the central office OLT device can be measured through the interaction of the related packets. In general, the error is around 3-10 meters. This distance is proportional to the value of the round trip time (RTT, Round Trip Time) of the client device. With this function, you can log in to the PON network for the first time after the user opens an account, or specify the RTT value of the user equipment measured by the PON network in the central office OLT device, and the user. The authentication information of the end device is bound as a fixed identification information of the user.
当非法用户盗用他人的认证信息从别处登陆 PON网路时, 由于到局端 OLT 设备的光纤距离可能产生变化, 局端 OLT设备可以发现该用户本次登陆的 RTT 值, 和之前绑定的 RTT值不一致, 据此可拒绝该用户登陆, 或者产生告警, 提醒 维护人员注意, 从而保护合法用户的网络使用权利。  When an illegal user steals another person's authentication information and logs in to the PON network from another place, the OLT device of the local end OLT device can discover the RTT value of the user's current login, and the previously bound RTT. The value is inconsistent. According to this, the user can be denied login or an alarm is generated to remind the maintenance personnel to pay attention to protect the network user right of the legitimate user.
但上述方案中需要 PON的每个分支长度都是不同的, 并且例如可能要求各 个分支的最小差距在 10m左右, 从而使布线工程比较复杂。 发明内容  However, the length of each branch of the PON required in the above solution is different, and for example, the minimum gap of each branch may be required to be about 10 m, which complicates the wiring engineering. Summary of the invention
本发明实施例解决的技术问题是提供一种无源光网络系统、 光线路终端、 认证信息生成及认证方法, 以实现 PON用户端设备可以和线路绑定, 使布线工 程相对更简单。  The technical problem to be solved by the embodiments of the present invention is to provide a passive optical network system, an optical line terminal, and an authentication information generation and authentication method, so that the PON client device can be bound to a line, and the wiring process is relatively simple.
一种认证信息生成方法, 包括:  A method for generating authentication information, including:
在各用户端设备与光线路终端间往返多次测距并获取往返多次的认证测距 结果; 终端间的测距认证信息。  Round trip multiple distances between each client device and the optical line terminal and obtain the authentication ranging result of multiple round trips; the ranging authentication information between the terminals.
一种认证方法, 包括:  An authentication method, including:
在用户端设备与光线路终端间往返多次测距并获取往返多次认证判决测距 结果;  Round-trip multiple ranging between the user equipment and the optical line terminal and obtain round-trip multiple authentication decision ranging results;
根据所述往返多次认证判决测距结果生成用户端设备与光线路终端间的测 距认证判决信息; 将所述测距认证判决信息与所述测距认证信息进行比较以确定认证结果。 一种光线路终端, 包括: Generating ranging authentication decision information between the user equipment and the optical line terminal according to the round trip multiple authentication decision ranging result; The ranging authentication decision information is compared with the ranging authentication information to determine an authentication result. An optical line terminal includes:
测距执行单元, 用于在用户端设备与光线路终端间进行测距;  a ranging execution unit, configured to perform ranging between the user equipment and the optical line terminal;
测距认证信息生成单元, 用于在启动测距认证信息生成时, 根据测距执行 单元往返多次测距的测距结果生成用户端设备与光线路终端间的测距认证信 息; 信息;  The ranging authentication information generating unit is configured to generate ranging authentication information between the user equipment and the optical line terminal according to the ranging result of the ranging execution unit to the plurality of ranging when the ranging authentication information is generated;
测距认证判决信息生成单元, 用于在启动认证判决时, 根据测距执行单元 往返多次测距的认证判决测距结果生成用户端设备与光线路终端间的测距认证 判决信息;  a ranging authentication decision information generating unit, configured to generate ranging authentication decision information between the user equipment and the optical line terminal according to the authentication decision ranging result of the round trip ranging from the ranging execution unit when the authentication decision is initiated;
认证判决单元, 用于将所述测距认证判决信息生成单元生成的测距认证判 决信息与所述认证信息存储单元存储的测距认证信息进行比较确定认证结果。  The authentication decision unit is configured to compare the ranging authentication determination information generated by the ranging authentication decision information generating unit with the ranging authentication information stored by the authentication information storage unit to determine an authentication result.
一种无源光网络系统, 包括: 用户端设备和光线路终端, 其中所述光线路 终端包括:  A passive optical network system, comprising: a client equipment and an optical line terminal, wherein the optical line terminal comprises:
测距执行单元, 用于在用户端设备与光线路终端间进行测距;  a ranging execution unit, configured to perform ranging between the user equipment and the optical line terminal;
测距认证信息生成单元, 用于在启动测距认证信息生成时, 根据测距执行 单元往返多次测距的测距结果生成用户端设备与光线路终端间的测距认证信 息; 信息;  The ranging authentication information generating unit is configured to generate ranging authentication information between the user equipment and the optical line terminal according to the ranging result of the ranging execution unit to the plurality of ranging when the ranging authentication information is generated;
测距认证判决信息生成单元, 用于在启动认证判决时, 根据测距执行单元 往返多次测距的认证判决测距结果生成用户端设备与光线路终端间的测距认证 判决信息;  a ranging authentication decision information generating unit, configured to generate ranging authentication decision information between the user equipment and the optical line terminal according to the authentication decision ranging result of the round trip ranging from the ranging execution unit when the authentication decision is initiated;
认证判决单元, 用于将所述测距认证判决信息生成单元生成的测距认证判 决信息与所述认证信息存储单元存储的测距认证信息进行比较确定认证结果。  The authentication decision unit is configured to compare the ranging authentication determination information generated by the ranging authentication decision information generating unit with the ranging authentication information stored by the authentication information storage unit to determine an authentication result.
根据上述本实施例的无源光网络系统、 光线路终端、 认证信息生成及认证 方法, 可实现将 PON用户端设备和线路绑定, 对绑定的用户端设备认证时, 通 过在用户端设备与光线路终端间往返多次测距并获取往返多次认证判决测距结 果; 根据所述往返多次认证判决测距结果生成用户端设备与光线路终端间的测 信息; 最后将所述测距认证判决信息与所述测距认证信息进行比较以确定认证 结果。 通过对多次测距所得值的差异化放大处理, 避免了 ODN布线时需要保证 ONT各分支长度间的最小差距的要求, 使布线工程相对更简单。 附图说明 例或现有技术描述中所需要使用的附图作简单地介绍, 显而易见地, 下面描述 中的附图仅仅是本发明的一些实施例, 对于本领域普通技术人员来讲, 在不付 出创造性劳动性的前提下, 还可以根据这些附图获得其他的附图。 According to the passive optical network system, the optical line terminal, the authentication information generation and the authentication method of the foregoing embodiment, the PON client device and the line can be bound, and when the bound user equipment is authenticated, Performing round trip multiple ranging between the user equipment and the optical line terminal and obtaining a round trip multiple authentication decision ranging result; generating measurement information between the user equipment and the optical line terminal according to the round trip multiple authentication decision ranging result; Finally, the ranging authentication decision information is compared with the ranging authentication information to determine an authentication result. Through the differential amplification process of the values obtained by multiple ranging, the requirement of ensuring the minimum gap between the lengths of the branches of the ONT during the ODN wiring is avoided, and the wiring engineering is relatively simpler. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorporated in the drawings Other drawings can also be obtained from these drawings on the premise of creative labor.
图 1是本发明实施例提供的认证方法的流程图;  1 is a flowchart of an authentication method according to an embodiment of the present invention;
图 2是本发明实施例提供的无源光网络系统的一个实施例的结构示意图; 图 3是图 2所示用户端设备中认证判决单元的一个实施例的结构示意图。 具体实施方式  2 is a schematic structural diagram of an embodiment of a passive optical network system according to an embodiment of the present invention; and FIG. 3 is a schematic structural diagram of an embodiment of an authentication decision unit in the user equipment shown in FIG. detailed description
下面将结合本发明实施例中的附图, 对本发明实施例中的技术方案进行清 楚、 完整地描述, 显然, 所描述的实施例仅仅是本发明一部分实施例, 而不是 全部的实施例。 基于本发明中的实施例, 本领域普通技术人员在没有作出创造 性劳动前提下所获得的所有其他实施例, 都属于本发明保护的范围。  BRIEF DESCRIPTION OF THE DRAWINGS The technical solutions in the embodiments of the present invention will be described in detail with reference to the accompanying drawings. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative work are within the scope of the present invention.
在 PON网络系统中,当不同的分支距离 OLT的长度相差不大的情况下将很难 根据测距结果进行认证, 为了解决这个问题, 在实现 PON用户端设备和线路绑 定时, 可釆用根据往返多次的测距结果进行认证, 而不再是根据一个来回的测 距结果进行认证,这样,相当于通过多次测距所得值将不同的分支距离 OLT的长 度进行了差异化放大处理, 避免了 ODN布线时需要保证 ONT各分支长度间的最 小差距的要求, 使布线工程相对更简单。  In a PON network system, when different branches are not far from the length of the OLT, it will be difficult to perform authentication based on the ranging result. To solve this problem, it can be used when implementing PON client equipment and line binding. The authentication is performed according to the round trip result of the round trip, and the authentication is no longer performed according to the back and forth ranging result, so that the length of the different branch distances of the OLT is differentiated and amplified by the values obtained by multiple ranging. It avoids the requirement of ensuring the minimum gap between the lengths of the branches of the ONT during ODN wiring, making the wiring engineering relatively simpler.
参考图 1 , 该图是本发明实施例认证方法的主要流程图。 本实施例中 PON用户端设备和线路绑定依靠各个分支线路和 OLT之间的不 证过程包括下述步骤: Referring to FIG. 1, the figure is a main flowchart of an authentication method according to an embodiment of the present invention. In this embodiment, the PON client device and the line binding depend on the unauthentication process between each branch line and the OLT, including the following steps:
步骤 S101 , 在光网络终端与光线路终端间往返多次测距并获取往返多次的 认证判决测距结果, 具体实现时, 例如测试 N个来回, 获取 N个来回的认证判决 测距结果; 其中, 所述认证判决测距结果可以是往返多次测距的距离, 也可以 是往返多次测距的往返时间;  Step S101: Round-trip multiple ranging between the optical network terminal and the optical line terminal, and obtain a round-trip multiple authentication decision ranging result. For specific implementation, for example, testing N round-trips to obtain N round-trip authentication decision ranging results; The authentication decision ranging result may be a distance of multiple round trips, or may be a round trip time of multiple round trips;
步骤 S102, 根据所述往返多次认证判决测距结果生成光网络终端与光线路 终端间的测距认证判决信息, 具体实现时, 即将光网络终端与光线路终端间距 离进行差异化放大处理, 通过对所述的认证判决测距结果进行函数运算以便于 扩大线路长度差异, 例如, 对所述往返多次认证判决测距结果进行相加或相乘; 其中, 所述测距认证判决信息可以是往返多次测距的距离认证信息, 也可以是 往返多次测距的往返时间信息;  Step S102: Generate ranging authentication decision information between the optical network terminal and the optical line terminal according to the round-trip multiple authentication decision ranging result, where the distance between the optical network terminal and the optical line terminal is differentiated and amplified. Performing a function operation on the authentication decision ranging result to expand the line length difference, for example, adding or multiplying the round-trip multiple authentication decision ranging result; wherein, the ranging authentication decision information may It is the distance authentication information of the round trip multiple ranging, and may also be the round trip time information of the round trip multiple ranging;
需要通过往返多次测距生成, 即将光网络终端与光线路终端间距离进行差异化 放大处理, 具体实现可包括: It is necessary to generate multiple rounds of ranging, that is, to differentiate and amplify the distance between the optical network terminal and the optical line terminal. The specific implementation may include:
在各光网络终端与光线路终端间往返多次测距并获取往返多次的认证测距 终端间的测距认证信息, 最后将所述测距认证信息保存。 其中, 所述测距认证 信息为用户端设备与光线路终端间距离差异化放大的测距认证信息。  Round-trip multiple distance measurement between each optical network terminal and the optical line terminal, and obtain ranging authentication information between the authentication and ranging terminals that are repeated multiple times, and finally save the ranging authentication information. The ranging authentication information is ranging authentication information that is differentiated and amplified by a distance between the user equipment and the optical line terminal.
需要说明的, 若所述的往返多次的认证测距结果为往返多次测距的距离, 则所述测距认证信息为往返多次测距的距离认证信息; 而若所述的往返多次的 认证测距结果为往返多次测距的往返时间, 则所述测距认证信息为往返多次测 距的往返时间认证信息。  It should be noted that, if the round trip multiple authentication ranging result is a distance from multiple round trips, the ranging authentication information is distance authentication information for round trip multiple ranging; The secondary authentication ranging result is a round trip time of round trip multiple ranging, and the ranging authentication information is round trip time authentication information of round trip multiple ranging.
步骤 S104, 将所述测距认证判决信息与所述测距认证信息进行比较以确定 认证结果, 具体实现时, 例如, 将测距认证判决信息与测距认证信息进行比较; 判断比较结果是否在认证范围之内, 若判断结果为是, 则确定认证通过, 否贝' J , 确定认证没有通过。 认证信息可以在用户端设备例如 ONT开户后初次登录上线时通过多次测距获 得, 也可以在用户端设备例如 ONT开户后后续某次上线 (非开户后初次登录) 时通过多次测距获得; 另外, 多次测距获得测距认证信息和测距认证判决信息 的次数最好一致, 以保证较小的误差。 Step S104, comparing the ranging authentication decision information with the ranging authentication information to determine an authentication result. For specific implementation, for example, comparing the ranging authentication decision information with the ranging authentication information; determining whether the comparison result is Within the scope of certification, if the judgment result is yes, it is determined that the certification is passed, and no, it is determined that the certification has not passed. The authentication information may be obtained by multiple ranging when the user equipment is first logged in, for example, after the ONT is opened, or may be obtained by multiple ranging after the user equipment, for example, the ONT is opened online (not the first time after the account is opened). In addition, the number of times of ranging ranging information and ranging authentication decision information is preferably the same for multiple ranging to ensure a small error.
为了实现本发明实施例所提供的上述方法, 需要对现有的网络系统及设备 的功能作相应的扩展。  In order to implement the above method provided by the embodiments of the present invention, it is required to expand the functions of the existing network system and equipment accordingly.
参考图 2, 该图是本发明实施例无源光网络系统的一种结构示意图。  Referring to FIG. 2, this figure is a schematic structural diagram of a passive optical network system according to an embodiment of the present invention.
本实施例的无源光网络系统, 主要包括: 用户端设备 1和光线路终端 2, 其 中用户端设备 1可以是光网络终端或光网络单元;  The passive optical network system of the present embodiment mainly includes: a user equipment 1 and an optical line terminal 2, wherein the user equipment 1 may be an optical network terminal or an optical network unit;
而为了实现将所述用户端设备和线路绑定, 本实施例中所述光线路终端 2可 包括:  In order to implement the binding of the user equipment and the line, the optical line terminal 2 in this embodiment may include:
测距执行单元 21 , 用于在用户端设备与光线路终端间进行测距;  The ranging execution unit 21 is configured to perform ranging between the user equipment and the optical line terminal;
测距认证信息生成单元 22, 用于在启动测距认证信息生成时, 根据测距执 行单元往返多次测距的测距结果生成用户端设备与光线路终端间的测距认证信 息, 例如参考前述说明, 所述测距认证信息可以是用户端设备与光线路终端间 距离差异化放大处理的测距认证信息;  The ranging authentication information generating unit 22 is configured to generate ranging authentication information between the user equipment and the optical line terminal according to the ranging result of the ranging execution unit to the plurality of ranging when the ranging authentication information is generated, for example, reference In the foregoing description, the ranging authentication information may be ranging authentication information of a distance difference amplification process between the user equipment and the optical line terminal;
认证信息存储单元 23 , 用于存储所述用户端设备与光线路终端距离差异化 放大的测距认证信息;  The authentication information storage unit 23 is configured to store ranging authentication information that is different from the distance between the user equipment and the optical line terminal;
测距认证判决信息生成单元 24, 用于在启动认证判决时, 根据测距执行单 元 21往返多次测距的认证判决测距结果生成用户端设备与光线路终端间距离差 异化放大的测距认证判决信息, 例如参考前述说明, 所述测距认证判决信息可 以是用户端设备与光线路终端间距离差异化放大处理的测距认证判决信息; 认证判决单元 25 , 用于将所述测距认证判决信息生成单元 24生成的测距认 证判决信息与所述认证信息存储单元 23存储的测距认证信息进行比较确定认证 结果, 具体实现时, 例如, 参考图 3 , 所述认证判决单元 25的一个具体实施例可 包括:  The ranging authentication decision information generating unit 24 is configured to generate a distance-differentiated ranging between the user equipment and the optical line terminal according to the authentication decision ranging result of the round-trip multiple ranging of the ranging performing unit 21 when the authentication decision is initiated. The authentication decision information, for example, referring to the foregoing description, the ranging authentication decision information may be ranging authentication decision information of a distance difference amplification process between the user equipment and the optical line terminal; and an authentication decision unit 25, configured to use the ranging The ranging authentication decision information generated by the authentication decision information generating unit 24 is compared with the ranging authentication information stored by the authentication information storage unit 23 to determine an authentication result. For specific implementation, for example, referring to FIG. 3, the authentication determining unit 25 A specific embodiment can include:
比较单元 251 , 用于将测距认证判决信息与测距认证信息进行比较; 确定单元 252, 用于判断比较结果是否在认证范围之内, 若判断结果为是, 则确定认证通过, 否则, 确定认证没有通过, 可拒绝其上线, 或产生告警日志, 提示维护人员进行确认处理等, 这里不再详述。 The comparing unit 251 is configured to compare the ranging authentication decision information with the ranging authentication information; The determining unit 252 is configured to determine whether the comparison result is within the authentication range. If the determination result is yes, it is determined that the authentication is passed. Otherwise, it is determined that the authentication fails, the online can be rejected, or an alarm log is generated, and the maintenance personnel is prompted to perform the confirmation processing. Etc., no longer detailed here.
另外, 参考前述说明, 本实施例中若所述测距执行单元 21的往返多次认证 判决测距结果为往返多次测距的距离, 则所述测距认证判决信息生成单元 24生 成的测距认证判决信息则可以为往返多次测距的距离认证判决信息。  In addition, referring to the foregoing description, in the embodiment, if the round trip multiple authentication decision ranging result of the ranging execution unit 21 is the distance of the round trip multiple ranging, the ranging authentication judgment information generating unit 24 generates the measurement. The authentication judgment information may be distance authentication judgment information for round trip multiple ranging.
而若所述测距执行单元 21的往返多次认证判决测距结果为往返多次测距的 往返时间, 则所述测距认证判决信息生成单元 24生成的测距认证判决信息可以 为往返多次测距的往返时间认证判决信息。  On the other hand, if the round trip multiple authentication decision ranging result of the ranging execution unit 21 is a round trip time of round trip multiple ranging, the ranging authentication judgment information generated by the ranging authentication decision information generating unit 24 may be more round trips. Round trip time authentication decision information for secondary ranging.
综上, 本实施例的无源光网络系统、 光线路终端、 认证信息生成及认证方 法, 可实现将 PON用户端设备和线路绑定, 对绑定的用户端设备认证时, 通过 在用户端设备与光线路终端间往返多次测距并获取往返多次认证判决测距结 果; 根据所述往返多次认证判决测距结果生成用户端设备与光线路终端距离差 异化放大的测距认证判决信息; 然后获取预先保存的用户端设备与光线路终端 距离差异化放大的测距认证信息; 最后将所述测距认证判决信息与所述测距认 证信息进行比较以确定认证结果。 通过对多次测距所得值的差异化放大处理, 避免了 ODN布线时需要保证 ONT各分支长度间的最小差距的要求, 使布线工程 相对更简单。  In summary, the passive optical network system, the optical line terminal, the authentication information generation and the authentication method of the embodiment can be used to bind the PON client device and the line, and when the user equipment is authenticated, the user terminal is authenticated. Round-trip multiple ranging between the device and the optical line terminal and obtain a round-trip multiple authentication decision ranging result; generating a ranging authentication decision for the distance difference between the user equipment and the optical line terminal according to the round-trip multiple authentication decision ranging result And obtaining the distance-authenticated ranging authentication information of the pre-stored user equipment and the optical line terminal; and finally comparing the ranging authentication decision information with the ranging authentication information to determine an authentication result. Through the differential amplification process of the values obtained by multiple ranging, the requirement of ensuring the minimum gap between the lengths of the ONT branches during ODN wiring is avoided, and the wiring engineering is relatively simpler.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程, 是可以通过计算机程序来指令相关的硬件来完成, 所述的程序可存储于一计算 机可读取存储介质中, 该程序在执行时, 可包括如上述各方法的实施例的流程。 其中, 所述的存储介质可为磁碟、 光盘、 只读存储记忆体(Read-Only Memory, ROM )或随机存储记忆体(Random Access Memory, RAM )等。 尽管本说明书参照上述的各个实施例对本发明已进行了详细的说明, 但是, 本 领域的普通技术人员应当理解, 仍然可以对本发明进行修改或者等同替换; 而 一切不脱离本发明的精神和范围的技术方案及其改进, 其均应涵盖在本发明的 权利要求范围当中。  A person skilled in the art can understand that all or part of the process of implementing the above embodiment method can be completed by a computer program to instruct related hardware, and the program can be stored in a computer readable storage medium. In execution, the flow of an embodiment of the methods as described above may be included. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM). Although the present invention has been described in detail with reference to the embodiments of the present invention, it will be understood by those skilled in the art that the present invention may be modified or equivalently substituted without departing from the spirit and scope of the invention. The technical solutions and their improvements are intended to be included in the scope of the claims of the present invention.

Claims

权 利 要 求 Rights request
1、 一种认证信息生成方法, 其特征在于, 包括:  A method for generating authentication information, comprising:
在各用户端设备与光线路终端间往返多次测距并获取往返多次的认证测距 结果; 的测距认证信息。  The ranging authentication information is obtained by performing round trip multiple ranging between each client device and the optical line terminal and acquiring the authentication ranging result that is repeated multiple times.
2、 根据权利要求 1所述的认证信息生成方法, 其特征在于, 还包括: 保存 各用户端设备与光线路终端间的测距认证信息。 2. The authentication information generating method according to claim 1, further comprising: storing ranging authentication information between each client device and the optical line terminal.
3、 根据权利要求 1所述的认证信息生成方法, 其特征在于, 所述测距认证 信息为用户端设备与光线路终端间距离差异化放大的测距认证信息。 The authentication information generating method according to claim 1, wherein the ranging authentication information is ranging authentication information that is differentiated and amplified by a distance between the user equipment and the optical line terminal.
4、 根据权利要求 1 - 3任一项所述的认证信息生成方法, 其特征在于, 所 述往返多次的认证测距结果为往返多次测距的距离; The authentication information generating method according to any one of claims 1 to 3, wherein the round trip multiple authentication ranging result is a distance from a plurality of round trips;
所述测距认证信息为往返多次测距的距离认证信息。  The ranging authentication information is distance authentication information for round trip multiple ranging.
5、 根据权利要求 1 - 3任一项所述的认证信息生成方法, 其特征在于, 所 述往返多次的认证测距结果为往返多次测距的往返时间; The authentication information generating method according to any one of claims 1 to 3, wherein the round trip multiple authentication ranging result is a round trip time of round trip multiple ranging;
所述测距认证信息为往返多次测距的往返时间认证信息。  The ranging authentication information is round-trip time authentication information for round trip multiple ranging.
6、 一种认证方法, 其特征在于, 包括: 6. An authentication method, characterized in that it comprises:
在用户端设备与光线路终端间往返多次测距并获取往返 次认证判决测 _5巨 结果;  Round-trip multiple distance measurement between the user equipment and the optical line terminal and obtain a round-trip authentication decision _5 giant result;
根据所述往返多次认证判决测距结果生成用户端设备与光线路终端间的测 距认证判决信息; 将所述测距认证判决信息与所述测距认证信息进行比较以确定认证结果。 Generating ranging authentication decision information between the user equipment and the optical line terminal according to the round trip multiple authentication decision ranging result; comparing the ranging authentication decision information with the ranging authentication information to determine an authentication result.
7、 根据权利要求 6所述的认证方法, 其特征在于, 将所述测距认证判决信 息与所述测距认证信息进行比较以确定认证结果包括: 7. The authentication method according to claim 6, wherein comparing the ranging authentication decision information with the ranging authentication information to determine an authentication result comprises:
将测距认证判决信息与测距认证信息进行比较;  Comparing the ranging authentication decision information with the ranging authentication information;
判断比较结果是否在认证范围之内, 若判断结果为是, 则确定认证通过, 否则, 确定认证没有通过。  It is judged whether the comparison result is within the authentication range. If the judgment result is yes, it is determined that the authentication is passed, otherwise, it is determined that the authentication has not passed.
8、 根据权利要求 6所述的认证方法, 其特征在于, 所述测距认证信息为用 户端设备与光线路终端间距萬差异化放大的测距认证信息, 所述测距认证判决 信息为用户端设备与光线路终端间距离差异化放大的测距认证判决信息。 The authentication method according to claim 6, wherein the ranging authentication information is ranging authentication information that is differentially amplified by the user equipment and the optical line terminal, and the ranging authentication decision information is a user. The distance authentication authentication information of the distance between the end device and the optical line terminal is amplified.
9、 根据权利要求 6-8任一项所述的认证方法, 其特征在于, 所述认证判决 测距结果为往返多次测距的距离; The authentication method according to any one of claims 6 to 8, wherein the authentication decision ranging result is a distance from a plurality of round trips;
所述测距认证判决信息为往返多次测距的距萬认证判决信息。  The ranging authentication decision information is a distance authentication decision information of a round trip multiple ranging.
10、 根据权利要求 6-8任一项所述的认证方法, 其特征在于, 所述认证判决 测距结果为往返多次测距的往返时间; The authentication method according to any one of claims 6-8, wherein the authentication decision ranging result is a round trip time of round trip multiple ranging;
所述测距认证判决信息为往返多次测距的往返时间认证判决信息。  The ranging authentication decision information is round-trip time authentication decision information for round trip multiple ranging.
11、 一种光线路终端, 其特征在于, 包括: 11. An optical line terminal, comprising:
测距执行单元, 用于在用户端设备与光线路终端间进行测距;  a ranging execution unit, configured to perform ranging between the user equipment and the optical line terminal;
测距认证信息生成单元, 用于在启动测距认证信息生成时, 根据测距执行 单元往返多次测距的测距结果生成用户端设备与光线路终端间的测距认证信 息; 信息;  The ranging authentication information generating unit is configured to generate ranging authentication information between the user equipment and the optical line terminal according to the ranging result of the ranging execution unit to the plurality of ranging when the ranging authentication information is generated;
测距认证判决信息生成单元, 用于在启动认证判决时, 根据测距执行单元 往返多次测距的认证判决测距结果生成用户端设备与光线路终端间的测距认证 判决信息;  a ranging authentication decision information generating unit, configured to generate ranging authentication decision information between the user equipment and the optical line terminal according to the authentication decision ranging result of the round trip ranging from the ranging execution unit when the authentication decision is initiated;
认证判决单元, 用于将所述测距认证判决信息生成单元生成的测距认证判 决信息与所述认证信息存储单元存储的测距认证信息进行比较确定认证结果。 The authentication decision unit is configured to compare the ranging authentication decision information generated by the ranging authentication decision information generating unit with the ranging authentication information stored by the authentication information storage unit to determine an authentication result.
12、 根据权利要求 11所述的光线路终端, 其特征在于, 所述认证判决单元 包括: The optical line terminal according to claim 11, wherein the authentication decision unit comprises:
比较单元, 用于将测距认证判决信息与测距认证信息进行比较;  a comparing unit, configured to compare the ranging authentication decision information with the ranging authentication information;
确定单元, 用于判断比较结果是否在认证范围之内, 若判断结果为是, 则 确定认证通过, 否则, 确定认证没有通过。  The determining unit is configured to determine whether the comparison result is within the authentication range. If the determination result is yes, it is determined that the authentication is passed, otherwise, the authentication is determined to have failed.
13、 根据权利要求 11所述的光线路终端, 其特征在于, 所述测距认证信息 生成单元生成的测距认证信息为用户端设备与光线路终端间距离差异化放大的 测距认证信息, 所述测距认证判决信息生成单元生成的测距认证判决信息为用 户端设备与光线路终端间距离差异化放大的测距认证判决信息。 The optical line terminal according to claim 11, wherein the ranging authentication information generated by the ranging authentication information generating unit is ranging authentication information that is differentiated and amplified by a distance between the user equipment and the optical line terminal. The ranging authentication decision information generated by the ranging authentication decision information generating unit is ranging authentication decision information in which the distance between the user equipment and the optical line terminal is differentiated and amplified.
14、 根据权利要求 11-13任一项所述的光线路终端, 其特征在于, 所述测距 执行单元往返多次测距的认证判决测距结果为往返多次测距的距离; The optical line terminal according to any one of claims 11 to 13, wherein the distance measurement result of the round trip ranging from the ranging execution unit is a distance of multiple round trips;
所述测距认证判决信息生成单元生成的测距认证判决信息为往返多次测距 的距离认证判决信息。  The ranging authentication decision information generated by the ranging authentication decision information generating unit is distance authentication judgment information for round trip multiple ranging.
15、 根据权利要求 11-13任一项所述的光线路终端, 其特征在于, 所述测距 执行单元往返多次测距的认证判决测距结果为往返多次测距的往返时间; The optical line terminal according to any one of claims 11 to 13, wherein the distance determination result of the round trip multiple ranging ranging from the ranging execution unit is a round trip time of round trip multiple ranging;
所述测距认证判决信息生成单元生成的测距认证判决信息为往返多次测距 的往返时间认证判决信息。  The ranging authentication decision information generated by the ranging authentication decision information generating unit is round-trip time authentication decision information for round-trip multiple ranging.
16、 一种无源光网络系统, 包括: 用户端设备和光线路终端, 其特征在于, 所述光线路终端包括: A passive optical network system, comprising: a client device and an optical line terminal, wherein the optical line terminal comprises:
测距执行单元, 用于在用户端设备与光线路终端间进行测距;  a ranging execution unit, configured to perform ranging between the user equipment and the optical line terminal;
测距认证信息生成单元, 用于在启动测距认证信息生成时, 根据测距执行 单元往返多次测距的测距结果生成用户端设备与光线路终端间的测距认证信 息; 信息;  The ranging authentication information generating unit is configured to generate ranging authentication information between the user equipment and the optical line terminal according to the ranging result of the ranging execution unit to the plurality of ranging when the ranging authentication information is generated;
测距认证判决信息生成单元, 用于在启动认证判决时, 根据测距执行单元 往返多次测距的认证判决测距结果生成用户端设备与光线路终端间的测距认证 判决信息; a ranging authentication decision information generating unit, configured to execute the unit according to the ranging when the authentication decision is initiated The authentication decision ranging result of the round trip multiple ranging determines the ranging authentication decision information between the user equipment and the optical line terminal;
认证判决单元, 用于将所述测距认证判决信息生成单元生成的测距认证判 决信息与所述认证信息存储单元存储的测距认证信息进行比较确定认证结果。  The authentication decision unit is configured to compare the ranging authentication determination information generated by the ranging authentication decision information generating unit with the ranging authentication information stored by the authentication information storage unit to determine an authentication result.
17、 根据权利要求 16所述的无源光网络系统, 其特征在于, 所述测距认证 信息生成单元生成的测距认证信息为用户端设备与光线路终端间距离差异化放 大的测距认证信息, 所述测距认证判决信息生成单元生成的测距认证判决信息 为用户端设备与光线路终端间距离差异化放大的测距认证判决信息。 The passive optical network system according to claim 16, wherein the ranging authentication information generated by the ranging authentication information generating unit is a distance authentication for differentiating the distance between the user equipment and the optical line terminal. The ranging authentication decision information generated by the ranging authentication decision information generating unit is ranging authentication decision information that is differentiated and amplified by the distance between the user equipment and the optical line terminal.
PCT/CN2008/073409 2007-12-19 2008-12-10 Passive optical network system, optical line terminal, and method for generating and authenticating authentication information WO2009089708A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2007100327047A CN101465694A (en) 2007-12-19 2007-12-19 Passive optical network system, optical line terminal, authentication information generation and authentication method
CN200710032704.7 2007-12-19

Publications (1)

Publication Number Publication Date
WO2009089708A1 true WO2009089708A1 (en) 2009-07-23

Family

ID=40806076

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073409 WO2009089708A1 (en) 2007-12-19 2008-12-10 Passive optical network system, optical line terminal, and method for generating and authenticating authentication information

Country Status (2)

Country Link
CN (1) CN101465694A (en)
WO (1) WO2009089708A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082977B (en) * 2009-12-01 2014-03-05 中国电信股份有限公司 Authentication method and system of optical network unit
CN113993013B (en) * 2021-11-19 2022-09-16 北京邮电大学 PON identity authentication method based on fiber channel characteristics and neural network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020060823A1 (en) * 2000-10-24 2002-05-23 Nec Corporation Optical subscriber system and transmission line distance monitoring method
CN1383276A (en) * 2001-04-25 2002-12-04 华为技术有限公司 Method for measuring distance in passive optical ATM network
CN1855813A (en) * 2005-04-27 2006-11-01 华为技术有限公司 Verificating method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020060823A1 (en) * 2000-10-24 2002-05-23 Nec Corporation Optical subscriber system and transmission line distance monitoring method
CN1383276A (en) * 2001-04-25 2002-12-04 华为技术有限公司 Method for measuring distance in passive optical ATM network
CN1855813A (en) * 2005-04-27 2006-11-01 华为技术有限公司 Verificating method and device

Also Published As

Publication number Publication date
CN101465694A (en) 2009-06-24

Similar Documents

Publication Publication Date Title
US20200328883A1 (en) Domain name blockchain user addresses
CN101360015B (en) Method, system and apparatus for test network appliance
CN100591011C (en) Identification method and system
US8220032B2 (en) Methods, devices, and computer program products for discovering authentication servers and establishing trust relationships therewith
US20100306839A1 (en) Entity bi-directional identificator method and system based on trustable third party
JP5257717B2 (en) Entity bi-directional identification method supporting fast handoff
US7937749B2 (en) Method and system for managing network
CN102271134B (en) Method and system for configuring network configuration information, client and authentication server
JP4129216B2 (en) Group judgment device
CN108805571A (en) Data guard method, platform, block chain node, system and storage medium
CN110460371B (en) Optical resource checking method and system
CN110602123A (en) Single-point certificate authentication system and method based on micro-service
CN106992986A (en) A kind of method and system of hybrid authentication
CN101114910B (en) ONT/ONU authentication method and system in PON system
CN108234119A (en) A kind of digital certificate management method and platform
WO2009089708A1 (en) Passive optical network system, optical line terminal, and method for generating and authenticating authentication information
CN103905236A (en) Terminal positioning method, system and device
CN102480472B (en) Application program integration login method of enterprise inner network and verification server thereof
CN108834146A (en) A kind of Bidirectional identity authentication method between terminal and authentication gateway
CN109729048A (en) A kind of joint qualification method, system, related platform and medium
CN102281291A (en) Log-in method and system
CN104540183B (en) A kind of control method and device of hotspot
WO2018058624A1 (en) Method for accessing optical network by optical network unit, and authentication device and system
CN105847218B (en) A kind of method, business platform and system controlling user right
CN103780395B (en) Network insertion proves the method and system of two-way measurement

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08870625

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08870625

Country of ref document: EP

Kind code of ref document: A1