WO2014075266A1 - Authentication method, apparatus and system - Google Patents

Publication number
WO2014075266A1
Authority
WO
WIPO (PCT)
Prior art keywords
physical line
central office
terminal device
authentication
branch
Application number
PCT/CN2012/084674
Inventor
张群
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2012/084674 (WO2014075266A1)
Priority to CN201280002345.XA (CN103222249B)
Publication of WO2014075266A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to an authentication method, apparatus, and system.
  • the authentication device needs to authenticate at least two terminals, and the terminal device can communicate only after the authentication is passed.
  • the method for the authentication device to authenticate the terminal device may include:
  • the terminal device sends the physical identification information of the device to the authentication device.
  • the physical identification information may be, but is not limited to, an SN (Serial Number) or a MAC (Media Access Control layer) address; the SN is used in GPON (Gigabit-capable Passive Optical Networks), and the MAC address is used in EPON (Ethernet Passive Optical Network);
  • the authentication device authenticates the terminal according to the received physical identification information.
  • the physical identification information of the replaced terminal may change.
  • the authentication device also needs to authenticate the replaced terminal. The process is cumbersome, which increases the burden on the system and reduces the performance of the system.
  • the embodiments of the present invention provide an authentication method, device, and system, which solve the problem that, when a terminal is replaced, the physical identification information of the replaced terminal may change accordingly and the authentication device needs to authenticate the replaced terminal, a cumbersome process that increases the burden on the system and in turn reduces the performance of the system.
  • the first aspect provides an authentication method, where the authentication method is applied to a point-to-multipoint system including: a central office device, an intermediate device, and at least one terminal device; the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through a trunk physical line, and the intermediate device is connected to the at least one terminal device through a plurality of branch physical lines, wherein the method includes:
  • the terminal device sends an authentication request to the central office device by using the intermediate device, where the authentication request includes a physical line identifier of the branch physical line where the terminal device is located, and the physical line identifier of the branch physical line is used for uniquely identifying the branch physical line;
  • the terminal device receives an authentication response sent by the central office device by using the intermediate device, where the authentication response is a response returned by the central office device after authenticating the terminal device according to the authentication request.
  • the method further includes:
  • the terminal device acquires a physical line identifier of the branch physical line
  • the terminal device sends the physical line identifier of the branch physical line to the central office device.
  • the authentication request further includes: a trunk physical line identifier, and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
  • an authentication method is provided, where the authentication method is applied to a point-to-multipoint system including: a central office device, an intermediate device, and at least one terminal device; the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through a trunk physical line, and the intermediate device is connected to the at least one terminal device through a plurality of branch physical lines, wherein the method includes:
  • the central office device receives an authentication request sent by the terminal device by using the intermediate device, where the authentication request includes a physical line identifier of the branch physical line where the terminal device is located, and the physical line identifier of the branch physical line is used for uniquely identifying the branch physical line;
  • the central office device authenticates the terminal device according to the physical line identifier of the branch physical line, and returns an authentication response to the terminal device by using the intermediate device.
  • the authentication method further includes: the central office device receives the physical line identifier of the branch physical line sent by the terminal device and stores the physical line identifier.
  • the determining, by the central office device, the device identifier according to the physical line identifier of the branch physical line specifically includes:
  • the authentication request further includes: a trunk physical line identifier, and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
  • a terminal device including:
  • a first sending unit configured to send, by using the intermediate device, an authentication request to the central office device, where the authentication request includes a physical line identifier of a branch physical line where the terminal device is located, and a physical line identifier of the branch physical line
  • the first receiving unit is configured to receive an authentication response that is sent by the central office device by using the intermediate device, where the authentication response is a response returned by the central office device after authenticating the terminal device according to the authentication request.
  • the terminal device further includes:
  • An acquiring unit configured to acquire a physical line identifier of the branch physical line
  • the first sending unit is further configured to send the physical line identifier of the branch physical line to the central office device.
  • the authentication request further includes: a trunk physical line identifier, and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
  • the fourth aspect provides a central office device, including:
  • a second receiving unit configured to receive, by using the intermediate device, an authentication request sent by the terminal device, where the authentication request includes a physical line identifier of a branch physical line where the terminal device is located, where the physical line identifier of the branch physical line is used
  • the processing unit is configured to authenticate the terminal device according to the physical line identifier of the branch physical line, and return an authentication response to the terminal device by using the intermediate device.
  • the second receiving unit is further configured to receive and store a physical line identifier of the branch physical line sent by the terminal device.
  • the processing unit is specifically configured to determine whether the physical line identifier in the authentication request is the same as the stored physical line identifier of the branch physical line;
  • the authentication request further includes: a trunk physical line identifier, and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
  • an authentication system including:
  • a central office device is connected to the at least one terminal device by using the intermediate device, and the central office device is connected to the intermediate device by using a trunk physical line.
  • the intermediate device is connected to the at least one terminal device by using a plurality of branch physical lines, wherein the terminal device is the terminal device provided above, and the central office device is the central office device provided above.
  • the terminal device sends an authentication request to the central office device through the intermediate device, and the terminal device receives the authentication response sent by the central office device through the intermediate device, where the authentication response is a response returned by the central office device after authenticating the terminal device according to the authentication request.
  • because the central office device authenticates according to the corresponding physical line identifier, and the physical line connecting the central office device and the terminal device is not replaced, the central office device does not need to authenticate the replaced terminal device, which avoids the authentication of the updated terminal device, reduces the burden on the system, and increases the performance of the system.
  • FIG. 1 is a schematic structural diagram of an authentication system according to an embodiment of the present disclosure
  • FIG. 2 is a flow chart of an authentication method using a terminal device as an execution subject according to the embodiment
  • FIG. 3 is a flow chart of an authentication method using a central office device as an execution subject according to the embodiment
  • FIG. 5 is a schematic structural diagram of another authentication system according to the embodiment.
  • FIG. 6 is a flowchart of an authentication method applied to an optical network system according to an embodiment of the present invention
  • FIG. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present disclosure
  • FIG. 8 is a schematic structural diagram of another terminal device according to the embodiment.
  • FIG. 9 is a schematic structural diagram of a central office device according to an embodiment of the present disclosure.
  • the embodiment provides an authentication method, which can be applied to a P2MP (point-to-multipoint) system.
  • the system can include: a central office device, an intermediate device, and at least one terminal device;
  • the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through the trunk physical line, and the intermediate device is connected to the at least one terminal device through multiple branch physical lines;
  • the execution body of the method may be the terminal device. As shown in FIG. 2, the method can include:
  • the terminal device sends an authentication request to the central office device through the intermediate device, where the authentication request includes the physical line identifier of the branch physical line where the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line.
  • the terminal device receives the authentication response sent by the central office device through the intermediate device, and the authentication response is a response returned by the central office device after authenticating the terminal device according to the authentication request.
  • this embodiment does not limit the P2MP system or the functions of the intermediate device.
  • the intermediate device may be, but is not limited to being, used for splitting, and details are not described herein again.
  • the terminal device sends an authentication request to the central office device through the intermediate device; the terminal device receives the authentication response sent by the central office device through the intermediate device, and the authentication response is a response returned by the central office device after authenticating the terminal device according to the authentication request.
  • because the central office device authenticates according to the corresponding physical line identifier, and the physical line connecting the central office device and the terminal device is not replaced, the central office device does not need to authenticate the replaced terminal device; the authentication of the updated terminal device is avoided, the burden on the system is reduced, and the performance of the system is increased.
  • This embodiment provides another authentication method, which can be applied to a P2MP (point-to-multipoint) system.
  • the system may include: a central office device, an intermediate device, and at least one terminal device; the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through the trunk physical line, and the intermediate device is connected to the at least one terminal device through multiple branch physical lines.
  • the execution body of the method may be the central office device. As shown in FIG. 3, the method can include:
  • the central office device receives the authentication request sent by the terminal device by using the intermediate device, where the authentication request includes the physical line identifier of the branch physical line where the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line.
  • 302. the central office device authenticates the terminal device according to the physical line identifier of the branch physical line, and returns an authentication response to the terminal device by using the intermediate device.
  • the central office device receives the authentication request sent by the terminal device through the intermediate device; the central office device authenticates the terminal device according to the physical line identifier of the branch physical line, and returns an authentication response to the terminal device through the intermediate device.
  • because the central office device authenticates according to the corresponding physical line identifier, and the physical line connecting the central office device and the terminal device is not replaced, the central office device does not need to authenticate the replaced terminal device, which avoids the authentication of the updated terminal device, reduces the burden on the system, and further increases the performance of the system.
  • This embodiment provides another authentication method, which is a further extension of the method shown in FIG. 2 and FIG. 3. As shown in FIG. 4, the method may include:
  • the terminal device sends an authentication request to the central office device by using the intermediate device.
  • the authentication request may include, but is not limited to, the physical line identifier of the branch physical line where the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line.
  • the authentication request may further include: service information required by the terminal device, the identity of the terminal device, and so on.
  • the content included in the authentication request is not limited, and may be set according to actual needs, and details are not described herein again.
  • before the terminal device sends the authentication request, the terminal device also needs to obtain the physical line identifier of the branch physical line, and the terminal device sends the physical line identifier of the branch physical line to the central office device.
  • the branch physical line may be, but is not limited to, a branch fiber
  • the physical line identifier may be, but is not limited to, a fiber identifier
  • the terminal device obtaining the physical line identifier of the branch physical line where it is located may include: after the terminal device is connected to the branch fiber, the branch fiber identifier may be obtained from the connected branch fiber.
  • Different optical fibers can be set with different optical transmission parameters, so that data is transmitted in different ways through different optical fibers; therefore, different optical fibers can be distinguished according to their optical transmission parameters. In addition, different optical fibers have different optical fiber IDs, and different optical fibers can be distinguished according to their optical fiber IDs.
  • the branch fiber identifier may be, but is not limited to, the optical transmission parameter used when transmitting the authentication request, or the ID of the branch fiber that transmits the authentication request.
  • the terminal device can obtain encoded information from the branch fiber plug, and the encoded information is the branch fiber ID.
  • the method by which the terminal obtains the optical transmission parameter and the branch fiber ID is not limited in this embodiment, and is a technology well known to those skilled in the art, and details are not described herein again.
  • the branch fiber identifier is not limited, and may be set according to actual needs, and details are not described herein again.
  • the terminal device may also send the branch fiber identifier to the central office device for storage by the central office device.
  • the authentication request may further include, but is not limited to: a trunk physical line identifier, and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
  • the trunk physical line may be, but is not limited to, a trunk fiber.
  • the physical line identifier of the trunk physical line may also be, but is not limited to, an optical fiber ID, or an optical transmission parameter of the trunk fiber.
  • the terminal device sending the authentication request to the central office device by using the intermediate device may include, but is not limited to: when the terminal device is connected to the optical fiber, the terminal device is actively triggered to send an authentication request to the central office device; or, after the terminal device is connected to the optical fiber and starts an authentication procedure, the terminal device is triggered to send an authentication request to the central office device.
  • the central office device receives an authentication request sent by the terminal device by using the intermediate device.
  • the central office device authenticates the terminal device according to the physical line identifier of the branch physical line.
  • the central office device authenticating the terminal device according to the physical line identifier of the branch physical line may include, but is not limited to: the central office device determines whether the physical line identifier in the authentication request is the same as the stored physical line identifier of the branch physical line; if they are the same, the authentication passes; otherwise, the authentication fails.
  • the stored physical line identifier of the branch physical line may be one that the terminal device, after acquiring the physical line identifier of the branch physical line, sent to the central office device to be stored.
  • the method for authenticating the terminal device by the central office device is not limited, and is a technology well known to those skilled in the art, and may be set according to actual needs, and details are not described herein again.
  • the central office device may authenticate the terminal device based on the physical line identifier of the branch physical line, the physical line identifier of the trunk physical line, or the intermediate device identifier.
  • the method for authenticating the terminal device by the central office device is not limited, and is a technology that is well known to those skilled in the art, and may be set according to actual needs, and details are not described herein again.
  • the central office device sends an authentication response to the terminal device by using the intermediate device.
  • the authentication response received by the terminal device describes whether the terminal device passes the authentication: if the authentication is passed, the terminal device starts to communicate; when the authentication response received by the terminal device describes a failed authentication, the terminal device may, but is not limited to, send an authentication request to the central office device.
  • the central office device checks the physical line identifier, included in the received authentication request sent by the updated terminal device, of the line that transmits the authentication request. If authentication has passed, an authentication response describing the successful authentication is sent to the terminal device. If authentication has not passed, the updated terminal device is authenticated according to the physical line identifier included in the authentication request, and an authentication response is sent.
  • the method for authenticating the terminal device by the central office device is not limited in this embodiment, and is a technology well known to those skilled in the art, and details are not described herein again.
  • the terminal device sends an authentication request to the central office device through the intermediate device; the terminal device receives the authentication response sent by the central office device through the intermediate device, and the authentication response is a response returned by the central office device after authenticating the terminal device according to the authentication request.
  • because the central office device authenticates according to the corresponding physical line identifier, and the physical line connecting the central office device and the terminal device is not replaced, the central office device does not need to authenticate the replaced terminal device, thereby avoiding the authentication of the updated terminal device, reducing the burden on the system, and increasing system performance.
  • the terminal device may be an optical network unit (ONU)
  • the central office device may be an optical line terminal (OLT)
  • the intermediate device may be a splitter.
  • the embodiment provides an authentication method, which may be, but is not limited to, being applied to an optical network system.
  • the optical network system includes: at least one ONU (optical access terminal device), an OLT (optical access head end device), and an optical splitter;
  • the OLT is connected to the optical splitter through the trunk fiber, and the optical splitter is connected to the at least one ONU through the plurality of branch fibers, wherein the trunk fiber and the branch fibers are each configured with an optical fiber identifier;
  • the method includes:
  • 601. the ONU sends an authentication request to the OLT through the optical splitter, and the authentication request includes the optical fiber identifiers of the trunk fiber and the branch fiber that transmit the authentication request;
  • the OLT receives the authentication request sent by the optical splitter, and the authentication request includes the optical fiber identifiers of the trunk fiber and the branch fiber that transmit the authentication request;
  • optical network system and the optical splitter are not limited in this embodiment, and are well known to those skilled in the art, and are not described herein again.
  • the OLT is connected to six ONUs.
  • Each trunk fiber is used to connect three branch fibers through a splitter, and each branch fiber is used to connect an ONU.
  • the specific steps of the authentication may include:
  • ONU 1 sends an authentication request to the OLT through branch fiber 1 and trunk fiber 1.
  • the authentication request includes the fiber identifiers of branch fiber 1 and trunk fiber 1;
  • the OLT authenticates ONU 1 according to the fiber identifiers of branch fiber 1 and trunk fiber 1, and the authentication response is sent to ONU 1; if the authentication is passed, ONU 1 can communicate.
  • since the OLT authenticates ONU 1 according to the fiber identifiers of branch fiber 1 and trunk fiber 1, when ONU 1 is replaced with ONU 7, the authentication request is transmitted by branch fiber 1 and trunk fiber 1; therefore, the OLT does not need to authenticate ONU 7, and can directly send an authentication response for the authentication pass to ONU 7.
  • the central office device does not need to authenticate the replaced ONU, which avoids the authentication of the updated ONU, reduces the burden on the system, and thus increases the performance of the system.
  • the terminal device may include: a sending unit 71 configured to send an authentication request to the central office device by using the intermediate device, where the authentication request includes the physical line identifier of the branch physical line where the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
  • the first receiving unit 72 is configured to receive an authentication response sent by the central office device by using the intermediate device, where the authentication response is a response returned by the central office device after authenticating the terminal device according to the authentication request.
  • the sending unit sends an authentication request to the central office device through the intermediate device; the first receiving unit receives the authentication response sent by the central office device through the intermediate device, and the authentication response is a response returned by the central office device after authenticating the terminal device according to the authentication request.
  • because the central office device authenticates according to the corresponding physical line identifier, and the physical line connecting the central office device and the terminal device is not replaced, the central office device does not need to authenticate the replaced terminal device; the authentication of the updated terminal device is avoided, the burden on the system is reduced, and the performance of the system is increased.
  • the terminal device may include:
  • the sending unit 81 is configured to send an authentication request to the central office device by using the intermediate device, where the authentication request includes a physical line identifier of the branch physical line where the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
  • the first receiving unit 82 is configured to receive an authentication response sent by the central office device by using the intermediate device, where the authentication response is a response returned by the central office device after authenticating the terminal device according to the authentication request.
  • the terminal device further includes:
  • An obtaining unit 83 configured to acquire a physical line identifier of the branch physical line
  • the sending unit 81 is further configured to send the physical line identifier of the branch physical line to the central office device.
  • the authentication request further includes: a trunk physical line identifier, and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
  • the sending unit sends an authentication request to the central office device through the intermediate device; the first receiving unit receives the authentication response sent by the central office device through the intermediate device, and the authentication response is a response returned by the central office device after authenticating the terminal device according to the authentication request.
  • because the central office device authenticates according to the corresponding physical line identifier, and the physical line connecting the central office device and the terminal device is not replaced, the central office device does not need to authenticate the replaced terminal device; the authentication of the updated terminal device is avoided, the burden on the system is reduced, and the performance of the system is increased.
  • the embodiment provides a central office device.
  • the central office device may include: a second receiving unit 91, configured to receive, by using an intermediate device, an authentication request sent by the terminal device, where the authentication request includes the physical line identifier of the branch physical line where the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
  • the processing unit 92 is configured to perform authentication on the terminal device according to the physical line identifier of the branch physical line, and return an authentication response to the terminal device by using the intermediate device.
  • the second receiving unit 91 is further configured to receive and store the physical line identifier of the branch physical line sent by the terminal device.
  • processing unit 92 is specifically configured to determine whether the physical line identifier in the authentication request is the same as the physical line identifier of the stored branch physical line;
  • the authentication request further includes: a trunk physical line identifier, and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
  • the second receiving unit receives the authentication request sent by the terminal device by using the intermediate device; the processing unit authenticates the terminal device according to the physical line identifier of the branch physical line, and returns an authentication response to the terminal device by using the intermediate device.
  • This embodiment provides an authentication system, as shown in FIG. 1, which may include: a central office device 12, an intermediate device 13, and at least one terminal device 11;
  • the central office device 12 is connected to the at least one terminal device 11 through the intermediate device 13, the central office device 12 is connected to the intermediate device 13 through the trunk physical line, and the intermediate device 13 is connected to the at least one terminal device 11 through the plurality of branch physical lines respectively; the terminal device 11 may be the terminal device shown in FIG. 7 or FIG. 8, and the central office device 12 may be the optical line terminal shown in FIG. 9.
  • the terminal device sends an authentication request to the central office device through the intermediate device; the terminal device receives the authentication response sent by the central office device through the intermediate device, where the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request.
  • in this way, when the terminal device is replaced, because the central office device authenticates according to the corresponding physical line identifier and the physical line connecting the central office device and the terminal device has not been replaced, the central office device does not need to authenticate the replacement terminal device; authentication of the replaced terminal device is avoided, the burden on the system is reduced, and system performance is improved.
  • the present invention can be implemented by means of software plus the necessary general-purpose hardware, and of course also by hardware, but in many cases the former is the better implementation.
  • the part of the technical solution of the present invention that is essential, or that contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a computer's floppy disk, hard disk or optical disk, and including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in the various embodiments of the present invention.

Abstract

Embodiments of the present invention relate to the technical field of communications and provide an authentication method, apparatus and system. They solve the problem that, when a terminal is replaced, the physical identification information of the replacement terminal may change accordingly, so that the authentication device needs to authenticate the replacement terminal in a complicated process that increases the burden on the system and reduces its performance. The concrete steps can comprise: a terminal device sends an authentication request to an office end device through an intermediate device; the terminal device receives an authentication response sent by the office end device through the intermediate device, where the authentication response is the response returned by the office end device after authenticating the terminal device according to the authentication request. The present invention is applicable to the process of authenticating a terminal.

Description

Authentication method, apparatus and system
Technical field
The present invention relates to the field of communications technologies, and in particular, to an authentication method, apparatus, and system.
Background
In a P2MP system, an authentication device needs to authenticate at least two terminals, and a terminal device can communicate only after authentication succeeds.
A method by which the authentication device authenticates a terminal device may include:
1. The terminal device sends the physical identification information of its own device to the authentication device. The physical identification information may be, but is not limited to, an SN (Serial Number) or a MAC (Media Access Controller, media access control layer) address; the SN is used in GPON (Gigabit-capable Passive Optical Networks), and the MAC address is used in EPON (Ethernet Passive Optical Network);
2. The authentication device authenticates the terminal according to the received physical identification information.
When a terminal is replaced, the physical identification information of the replacement terminal may change accordingly, and the authentication device still has to authenticate the replacement terminal. The process is cumbersome, which increases the burden on the system and in turn reduces system performance.
Summary of the invention
Embodiments of the present invention provide an authentication method, apparatus and system, which solve the problem that, when a terminal is replaced, the physical identification information of the replacement terminal may change accordingly and the authentication device has to authenticate the replacement terminal, a cumbersome process that increases the burden on the system and in turn reduces system performance.
To achieve the above objective, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, an authentication method is provided. The authentication method is applied to a point-to-multipoint system that includes a central office device, an intermediate device and at least one terminal device; the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through a trunk physical line, and the intermediate device is connected to the at least one terminal device through a plurality of branch physical lines respectively. The method is characterized in that it includes:
the terminal device sends an authentication request to the central office device through the intermediate device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
the terminal device receives an authentication response sent by the central office device through the intermediate device, where the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request.
In a first possible implementation, the method further includes:
the terminal device acquires the physical line identifier of the branch physical line;
the terminal device sends the physical line identifier of the branch physical line to the central office device.
With reference to the first aspect, in a second possible implementation, the authentication request further includes a trunk physical line identifier and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
In a second aspect, an authentication method is provided. The authentication method is applied to a point-to-multipoint system that includes a central office device, an intermediate device and at least one terminal device; the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through a trunk physical line, and the intermediate device is connected to the at least one terminal device through a plurality of branch physical lines respectively. The method is characterized in that it includes:
the central office device receives, through the intermediate device, an authentication request sent by the terminal device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
the central office device authenticates the terminal device according to the physical line identifier of the branch physical line, and returns an authentication response to the terminal device through the intermediate device.
In a first possible implementation, the authentication method further includes:
the central office device receives and stores the physical line identifier of the branch physical line sent by the terminal device.
With reference to the first possible implementation of the second aspect, in a second possible implementation, the central office device authenticating the terminal device according to the physical line identifier of the branch physical line specifically includes:
the central office device determines whether the physical line identifier in the authentication request is the same as the stored physical line identifier of the branch physical line;
if they are the same, authentication succeeds; otherwise, authentication fails.
With reference to the second aspect, in a third possible implementation, the authentication request further includes a trunk physical line identifier and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
In a third aspect, a terminal device is provided, including:
a first sending unit, configured to send an authentication request to the central office device through the intermediate device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
a first receiving unit, configured to receive an authentication response sent by the central office device through the intermediate device, where the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request.
In a first possible implementation, the terminal device further includes:
an acquiring unit, configured to acquire the physical line identifier of the branch physical line;
the first sending unit is further configured to send the physical line identifier of the branch physical line to the central office device.
With reference to the third aspect, in a second possible implementation, the authentication request further includes a trunk physical line identifier and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
In a fourth aspect, a central office device is provided, including:
a second receiving unit, configured to receive, through the intermediate device, an authentication request sent by the terminal device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
a processing unit, configured to authenticate the terminal device according to the physical line identifier of the branch physical line, and to return an authentication response to the terminal device through the intermediate device.
In a first possible implementation, the second receiving unit is further configured to receive and store the physical line identifier of the branch physical line sent by the terminal device.
With reference to the first possible implementation of the fourth aspect, in a second possible implementation, the processing unit is specifically configured to determine whether the physical line identifier in the authentication request is the same as the stored physical line identifier of the branch physical line;
if they are the same, authentication succeeds; otherwise, authentication fails.
With reference to the fourth aspect, in a third possible implementation, the authentication request further includes a trunk physical line identifier and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
In a fifth aspect, an authentication system is provided, including:
a central office device, an intermediate device and at least one terminal device; the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through a trunk physical line, and the intermediate device is connected to the at least one terminal device through a plurality of branch physical lines respectively, characterized in that the terminal device is the terminal device provided above, and the central office device is the central office device provided above.
With the authentication method, apparatus and system provided by the embodiments of the present invention, the terminal device sends an authentication request to the central office device through the intermediate device, and the terminal device receives the authentication response sent by the central office device through the intermediate device, where the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request. As a result, when the terminal device is replaced, because the central office device authenticates according to the corresponding physical line identifier and the physical line connecting the central office device and the terminal device has not been replaced, the central office device does not need to authenticate the replacement terminal device. Authentication of the replaced terminal device is avoided, the burden on the system is reduced, and system performance is improved.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. Evidently, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic structural diagram of an authentication system provided by this embodiment;
FIG. 2 is a flowchart of an authentication method provided by this embodiment, with the terminal device as the executing entity;
FIG. 3 is a flowchart of an authentication method provided by this embodiment, with the central office device as the executing entity;
FIG. 4 is a flowchart of an authentication method provided by this embodiment;
FIG. 5 is a schematic structural diagram of another authentication system provided by this embodiment;
FIG. 6 is a flowchart of an authentication method provided by this embodiment, applied to an optical network system;
FIG. 7 is a schematic structural diagram of a terminal device provided by this embodiment;
FIG. 8 is a schematic structural diagram of another terminal device provided by this embodiment;
FIG. 9 is a schematic structural diagram of a central office device provided by this embodiment.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Evidently, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
This embodiment provides an authentication method that can be applied to a P2MP (point-to-multipoint) system. As shown in FIG. 1, the system may include a central office device, an intermediate device and at least one terminal device; the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through a trunk physical line, and the intermediate device is connected to the at least one terminal device through a plurality of branch physical lines respectively. The executing entity of the method may be the terminal device. As shown in FIG. 2, the method may include:
201. The terminal device sends an authentication request to the central office device through the intermediate device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
202. The terminal device receives an authentication response sent by the central office device through the intermediate device, where the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request.
This embodiment does not limit the functions of the P2MP system and the intermediate device, which are technologies well known to those skilled in the art; for example, the intermediate device may be, but is not limited to being, used for splitting. Details are not described here.
With the above solution, the terminal device sends an authentication request to the central office device through the intermediate device, and the terminal device receives the authentication response sent by the central office device through the intermediate device, where the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request. As a result, when the terminal device is replaced, because the central office device authenticates according to the corresponding physical line identifier and the physical line connecting the central office device and the terminal device has not been replaced, the central office device does not need to authenticate the replacement terminal device. Authentication of the replaced terminal device is avoided, the burden on the system is reduced, and system performance is improved.
This embodiment provides another authentication method that can be applied to a P2MP (point-to-multipoint) system. As shown in FIG. 1, the system may include a central office device, an intermediate device and at least one terminal device; the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through a trunk physical line, and the intermediate device is connected to the at least one terminal device through a plurality of branch physical lines respectively. The executing entity of the method may be the central office device. As shown in FIG. 3, the method may include:
301. The central office device receives, through the intermediate device, an authentication request sent by the terminal device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
302. The central office device authenticates the terminal device according to the physical line identifier of the branch physical line, and returns an authentication response to the terminal device through the intermediate device.
With the above solution, the central office device receives, through the intermediate device, the authentication request sent by the terminal device; the central office device authenticates the terminal device according to the physical line identifier of the branch physical line, and returns an authentication response to the terminal device through the intermediate device. As a result, when the terminal device is replaced, because the central office device authenticates according to the corresponding physical line identifier and the physical line connecting the central office device and the terminal device has not been replaced, the central office device does not need to authenticate the replacement terminal device. Authentication of the replaced terminal device is avoided, the burden on the system is reduced, and system performance is improved.
本实施例提供另一种认证方法,该方法是对图 2和图 3所示的方法的 进一步扩展, 如图 4所示, 可以包括:  This embodiment provides another authentication method, which is a further extension of the method shown in FIG. 2 and FIG. 3. As shown in FIG. 4, the method may include:
401、 终端设备通过中间设备向局端设备发送认证请求。  401. The terminal device sends an authentication request to the central office device by using the intermediate device.
认证请求可以包括但不限于终端设备所在的分支物理线路的物理线 路标识, 分支物理线路的物理线路标识用于唯一标识分支物理线路; 认证 请求还可以包括: 终端设备所需的业务信息、 终端设备的标识、 终端设备 的地址等。  The authentication request may include, but is not limited to, the physical line identifier of the branch physical line where the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line. The authentication request may further include: service information required by the terminal device, and the terminal device The identity of the terminal device, etc.
本实施例对认证请求中包含的内容不作限定,可以根据实际需要进行 设定, 在此不再赘述。  In this embodiment, the content included in the authentication request is not limited, and may be set according to actual needs, and details are not described herein again.
在终端设备发送认证请求之前,终端设备还需要获取分支物理线路的 物理线路标识,并且终端设备发送分支物理线路的物理线路标识给局端设 备。  Before the terminal device sends the authentication request, the terminal device also needs to obtain the physical line identifier of the branch physical line, and the terminal device sends the physical line identifier of the branch physical line to the central office device.
进一步的, 分支物理线路可以为但不限于分支光纤, 物理线路标识可 以为但不限于光纤标识。  Further, the branch physical line may be, but not limited to, a branch fiber, and the physical line identifier may be, but not limited to, a fiber identifier.
则此时, 作为本实施例的一种实施方式, 终端设备获取所在的分支物 理线路的物理线路标识可以包括: 当终端设备与分支光纤连接完成后, 可 以从连接的分支光纤中获取到分支光纤标识。  In this case, as an implementation manner of the embodiment, the physical line identifier of the branch physical line where the terminal device obtains may include: after the terminal device is connected to the branch fiber, the branch fiber may be obtained from the connected branch fiber. Logo.
不同的光纤可以设置不同的光传导参数,使得通过不同光纤传输数据 的方式不同, 因此, 可以根据光传导参数来区分不同的光纤; 另外, 不同 光纤 I D也不同, 还可以根据光纤 I D来区分不同的光纤 Different optical fibers can be set with different optical transmission parameters, so that data can be transmitted through different optical fibers. Different ways, therefore, different optical fibers can be distinguished according to optical transmission parameters; in addition, different optical fiber IDs are different, and different optical fibers can be distinguished according to optical fiber IDs.
作为本实施例的一种实施方式, 分支光纤标识可以为但不限于: 传输 认证请求时的光传导参数, 或者, 为传输认证请求的分支光纤 I D。 其中, 终端设备可以从分支光纤插头中获取到编码信息,该编码信息即为分支光 If I D。  As an implementation manner of this embodiment, the branch fiber identifier may be, but not limited to, a light transmission parameter when transmitting the authentication request, or a branch fiber ID that is a transmission authentication request. The terminal device can obtain the encoded information from the branch fiber plug, and the coded information is the branch light If I D .
本实施例对终端获取光传导参数和分支光纤 I D的方法不作限定, 为 本领域技术人员熟知的技术, 在此不再赘述。  The method for obtaining the optical conduction parameter and the branch fiber I D of the terminal is not limited in this embodiment, and is a technology well known to those skilled in the art, and details are not described herein again.
本实施例对分支光纤标识不作限定, 可以根据实际需要进行设定, 在 此不再赘述。  In this embodiment, the branch fiber identifier is not limited, and may be set according to actual needs, and details are not described herein again.
进一步的, 终端设备获取到分支光纤标识后, 还可以发送该分支光纤 标识给局端设备, 以便局端设备进行存储。  Further, after the terminal device obtains the branch fiber identifier, the terminal device may also send the branch fiber identifier to the central office device for storage by the central office device.
进一步的, 认证请求还可以包括但不限于: 主干物理线路标识, 和 / 或中间设备标识,主干物理线路标识用于唯一标识局端设备与中间设备之 间的主干物理线路, 中间设备标识用于唯一标识中间设备。  Further, the authentication request may further include, but is not limited to: a trunk physical line identifier, and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify a trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used for Uniquely identifies the intermediate device.
作为本实施例的一种实施方式,主干物理线路可以为但不限于主干光 纤, 其中, 主干物理线路的物理线路标识也可以为但不限于: 光纤 I D、 或主干光纤的光传导参数等。  As an embodiment of the present embodiment, the trunk physical line may be, but not limited to, a trunk fiber. The physical line identifier of the trunk physical line may also be, but not limited to, an optical fiber ID, or a light transmission parameter of the backbone fiber.
作为本实施例的一种实施方式,终端设备通过中间设备向局端设备发 送认证请求可以包括但不限于: 当终端设备与光纤相连接后, 主动触发终 端设备向局端设备发送认证请求; 或者, 当终端设备与光纤相连接并启动 某认证程序后, 触发终端设备向局端设备发送认证请求。  As an implementation manner of this embodiment, the terminal device sending the authentication request to the central office device by using the intermediate device may include, but is not limited to:: when the terminal device is connected to the optical fiber, the terminal device is actively triggered to send an authentication request to the central office device; or After the terminal device is connected to the optical fiber and starts an authentication procedure, the terminal device is triggered to send an authentication request to the central office device.
402. The central office device receives, through the intermediate device, the authentication request sent by the terminal device.
403. The central office device authenticates the terminal device according to the physical line identifier of the branch physical line.
As an implementation of this embodiment, the central office device authenticating the terminal device according to the physical line identifier of the branch physical line may include, but is not limited to: the central office device determines whether the physical line identifier in the authentication request is the same as the stored physical line identifier of the branch physical line; if they are the same, authentication passes; otherwise, authentication fails.
The stored physical line identifier of the branch physical line may be one that the terminal device sent to the central office device after obtaining it, and that the central office device then stored.
This embodiment does not limit the method by which the central office device authenticates the terminal device; such methods are well known to those skilled in the art, may be set according to actual needs, and are not described further here.
Further optionally, if the authentication request also includes the trunk physical line identifier and/or the intermediate device identifier, the central office device may authenticate the terminal device according to the physical line identifier of the branch physical line, the physical line identifier of the trunk physical line, or the intermediate device identifier.
This embodiment does not limit the method by which the central office device authenticates the terminal device; such methods are well known to those skilled in the art, may be set according to actual needs, and are not described further here.
404. The central office device sends an authentication response to the terminal device through the intermediate device.
The authentication response received by the terminal device describes whether the terminal device has passed authentication. If it has passed, the terminal device starts communicating; if the response describes that authentication was not passed, the terminal device may, but is not limited to, send an authentication request to the central office device again.
As an implementation of this embodiment, when the terminal device connected to a branch physical line is replaced, the central office device checks whether the physical line identifier contained in the authentication request sent by the replacement terminal device, that is, the identifier of the physical line that carries the request, has already passed authentication. If it has, the central office device directly sends the terminal device an authentication response describing successful authentication; if it has not, the central office device authenticates the replacement terminal device according to the physical line identifier contained in the authentication request and sends an authentication response.
This embodiment does not limit the method by which the central office device authenticates the terminal device; such methods are well known to those skilled in the art and are not described further here.
With the foregoing solution, the terminal device sends an authentication request to the central office device through the intermediate device, and receives the authentication response that the central office device sends through the intermediate device; the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request. Thus, when a terminal device is replaced, because the central office device authenticates according to the corresponding physical line identifier and the physical line connecting the central office device and the terminal device has not been replaced, the central office device does not need to authenticate the replacement terminal device. This avoids authenticating the updated terminal device, reduces the burden on the system, and thereby improves system performance.
Further, the terminal device may be an ONU (Optical Network Unit), the central office device may be an OLT (optical line terminal), and the intermediate device may be an optical splitter.
This embodiment provides an authentication method that may be, but is not limited to being, applied to an optical network system. As shown in FIG. 5, the optical network system includes: at least one ONU optical access terminal device, an OLT optical access head-end device, and an optical splitter. The OLT is connected to the optical splitter through a trunk fiber, and the optical splitter is connected to the at least one ONU through a plurality of branch fibers respectively, characterized in that both the trunk fiber and the branch fibers are configured with fiber identifiers. As shown in FIG. 6, the method includes:
601. The ONU sends an authentication request to the OLT through the optical splitter; the authentication request includes the fiber identifiers of the trunk fiber and the branch fiber that carry the authentication request;
602. The OLT receives the authentication request sent by the ONU through the optical splitter; the authentication request includes the fiber identifiers of the trunk fiber and the branch fiber that carry the authentication request;
603. Authenticate the ONU according to the fiber identifiers of the trunk fiber and the branch fiber that carry the corresponding authentication request;
604. Send an authentication response to the ONU through the optical splitter;
605. Receive the authentication response sent by the OLT through the optical splitter.
This embodiment does not limit the optical network system or the optical splitter; these are well known to those skilled in the art and are not described further here.
Some specific scenarios are described below.
As shown in FIG. 5, the OLT is connected to six ONUs. Each trunk fiber connects to three branch fibers through an optical splitter, and each branch fiber connects to one ONU.
Further optionally, there may be no trunk fiber between the ONU and the OLT, in which case the two are connected directly through a branch fiber only.
As an implementation of this embodiment, taking ONU1 as an example, the specific authentication steps may include:
ONU1 sends an authentication request to the OLT through branch fiber 1 and trunk fiber 1; the authentication request contains the fiber identifiers of branch fiber 1 and trunk fiber 1. The OLT authenticates ONU1 according to the fiber identifiers of branch fiber 1 and trunk fiber 1 and sends an authentication response to ONU1. If authentication passes, ONU1 can communicate.
In this scenario, the OLT authenticates ONU1 according to the fiber identifiers of branch fiber 1 and trunk fiber 1. When ONU1 is replaced with ONU7, the authentication request sent by ONU7 is still carried by branch fiber 1 and trunk fiber 1, so the OLT does not need to authenticate ONU7 and can directly send ONU7 an authentication response describing that authentication passed.
This embodiment is not limited to the scenario above and may also be applied to other scenarios, which are not described further here.
With the foregoing solution, when an ONU is replaced, because the OLT authenticates the ONU according to the fiber identifiers of the trunk fiber and the branch fiber that carry the corresponding authentication request, and the physical line connecting the OLT and the ONU has not been replaced, the central office device does not need to authenticate the replacement ONU. This avoids authenticating the updated ONU, reduces the burden on the system, and thereby improves system performance.
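The FIG. 5 scenario as an added Python example (not code from the patent): an OLT that stores line identifiers, compares them with those in each request, and skips the comparison for a line that has already passed, so ONU7 replacing ONU1 on branch fiber 1 is accepted directly. The class and field names and the identifier strings such as `branch-1` are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class AuthRequest:
    """Authentication request as it reaches the OLT (steps 601/602)."""
    onu: str                               # sender label, constructed; never used in the decision
    branch_fiber_id: str                   # identifier of the branch fiber carrying the request
    trunk_fiber_id: Optional[str] = None   # None models an ONU attached without a trunk fiber


@dataclass(frozen=True)
class AuthResponse:
    """Authentication response returned through the splitter (step 604)."""
    passed: bool
    reason: str


class Olt:
    """Central office device that authenticates by line identifier only."""

    def __init__(self) -> None:
        # Stored identifiers: branch fiber id -> trunk fiber id (or None).
        self._stored: Dict[str, Optional[str]] = {}
        # Lines whose identifiers have already passed authentication.
        self._authenticated: Set[Tuple[str, Optional[str]]] = set()
        # Counts how many requests needed the full comparison.
        self.full_checks = 0

    def store_line(self, branch_fiber_id: str,
                   trunk_fiber_id: Optional[str] = None) -> None:
        """Store the identifiers the terminal device reported for its line."""
        self._stored[branch_fiber_id] = trunk_fiber_id

    def authenticate(self, req: AuthRequest) -> AuthResponse:
        line = (req.branch_fiber_id, req.trunk_fiber_id)
        # Replacement case: the line already passed, so answer directly.
        # The decision never reads req.onu: the line is what is
        # authenticated, not the device attached to it.
        if line in self._authenticated:
            return AuthResponse(True, "line already authenticated")
        self.full_checks += 1
        # Step 603: compare request identifiers with the stored ones.
        if req.branch_fiber_id not in self._stored:
            return AuthResponse(False, "unknown branch fiber identifier")
        if self._stored[req.branch_fiber_id] != req.trunk_fiber_id:
            return AuthResponse(False, "trunk fiber identifier mismatch")
        self._authenticated.add(line)
        return AuthResponse(True, "identifiers match stored values")


def build_figure5_olt() -> Olt:
    """Six branch fibers, three behind each of two trunk fibers (constructed ids)."""
    olt = Olt()
    for n in range(1, 7):
        olt.store_line(f"branch-{n}", "trunk-1" if n <= 3 else "trunk-2")
    return olt


def run_scenario() -> List[Tuple[str, bool, str, int]]:
    """Return (onu, passed, reason, full_checks so far) for each request."""
    olt = build_figure5_olt()
    requests = [
        AuthRequest("ONU1", "branch-1", "trunk-1"),  # first device on the line
        AuthRequest("ONU7", "branch-1", "trunk-1"),  # replacement on the same fibers
        AuthRequest("ONU4", "branch-4", "trunk-1"),  # branch-4 is stored behind trunk-2
        AuthRequest("ONU9", "branch-9", "trunk-2"),  # identifier the OLT never stored
    ]
    results = []
    for req in requests:
        resp = olt.authenticate(req)
        results.append((req.onu, resp.passed, resp.reason, olt.full_checks))
    return results


if __name__ == "__main__":
    for row in run_scenario():
        print(row)
```

The `full_checks` counter stays at 1 after the ONU7 request, which is the saving the embodiment describes; it also shows that acceptance depends only on the identifiers presented for the line.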
Some apparatus embodiments are provided below; they correspond respectively to the method embodiments provided above.
This embodiment provides a terminal device. As shown in FIG. 7, the terminal device may include:
a sending unit 71, configured to send an authentication request to the central office device through the intermediate device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
a first receiving unit 72, configured to receive the authentication response sent by the central office device through the intermediate device, where the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request.
With the foregoing solution, the sending unit sends an authentication request to the central office device through the intermediate device, and the first receiving unit receives the authentication response that the central office device sends through the intermediate device; the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request. Thus, when a terminal device is replaced, because the central office device authenticates according to the corresponding physical line identifier and the physical line connecting the central office device and the terminal device has not been replaced, the central office device does not need to authenticate the replacement terminal device. This avoids authenticating the updated terminal device, reduces the burden on the system, and thereby improves system performance.
This embodiment provides another terminal device, which is a further extension of the terminal device shown in FIG. 8. As shown in FIG. 8, it may include:
a sending unit 81, configured to send an authentication request to the central office device through the intermediate device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
a first receiving unit 82, configured to receive the authentication response sent by the central office device through the intermediate device, where the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request.
Further, the terminal device also includes:
an obtaining unit 83, configured to obtain the physical line identifier of the branch physical line;
the sending unit 81 is further configured to send the physical line identifier of the branch physical line to the central office device.
Further, the authentication request also includes: a trunk physical line identifier and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
With the foregoing solution, the sending unit sends an authentication request to the central office device through the intermediate device, and the first receiving unit receives the authentication response that the central office device sends through the intermediate device; the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request. Thus, when a terminal device is replaced, because the central office device authenticates according to the corresponding physical line identifier and the physical line connecting the central office device and the terminal device has not been replaced, the central office device does not need to authenticate the replacement terminal device. This avoids authenticating the updated terminal device, reduces the burden on the system, and thereby improves system performance.
This embodiment provides a central office device. As shown in FIG. 9, the central office device may include:
a second receiving unit 91, configured to receive, through the intermediate device, the authentication request sent by the terminal device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
a processing unit 92, configured to authenticate the terminal device according to the physical line identifier of the branch physical line, and to return an authentication response to the terminal device through the intermediate device.
Further, the second receiving unit 91 is also configured to receive and store the physical line identifier of the branch physical line sent by the terminal device.
Further, the processing unit 92 is specifically configured to determine whether the physical line identifier in the authentication request is the same as the stored physical line identifier of the branch physical line;
if they are the same, authentication passes; otherwise, authentication fails.
Further, the authentication request also includes: a trunk physical line identifier and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
With the foregoing solution, the second receiving unit receives, through the intermediate device, the authentication request sent by the terminal device; the processing unit authenticates the terminal device according to the physical line identifier of the branch physical line and returns an authentication response to the terminal device through the intermediate device. Thus, when a terminal device is replaced, because the central office device authenticates according to the corresponding physical line identifier and the physical line connecting the central office device and the terminal device has not been replaced, the central office device does not need to authenticate the replacement terminal device. This avoids authenticating the updated terminal device, reduces the burden on the system, and thereby improves system performance.
This embodiment provides an authentication system. As shown in FIG. 1, it may include: a central office device 12, an intermediate device 13, and at least one terminal device 11.
The central office device 12 is connected to the at least one terminal device 11 through the intermediate device 13; the central office device 12 is connected to the intermediate device 13 through a trunk physical line, and the intermediate device 13 is connected to the at least one terminal device 11 through a plurality of branch physical lines respectively. The terminal device 11 may be the terminal device shown in FIG. 7 or FIG. 8, and the central office device 12 may be the optical line terminal shown in FIG. 9.
With the foregoing solution, the terminal device sends an authentication request to the central office device through the intermediate device, and receives the authentication response that the central office device sends through the intermediate device; the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request. Thus, when a terminal device is replaced, because the central office device authenticates according to the corresponding physical line identifier and the physical line connecting the central office device and the terminal device has not been replaced, the central office device does not need to authenticate the replacement terminal device. This avoids authenticating the updated terminal device, reduces the burden on the system, and thereby improves system performance.
From the description of the above embodiments, those skilled in the art can clearly understand that the present invention may be implemented by software plus the necessary general-purpose hardware, and of course also by hardware alone, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product is stored in a readable storage medium, such as a computer floppy disk, hard disk, or optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the methods described in the embodiments of the present invention.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims

1. An authentication method, applied in a point-to-multipoint system that includes a central office device, an intermediate device, and at least one terminal device, where the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through a trunk physical line, and the intermediate device is connected to the at least one terminal device through a plurality of branch physical lines respectively, characterized in that the method includes:
the terminal device sends an authentication request to the central office device through the intermediate device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
the terminal device receives an authentication response sent by the central office device through the intermediate device, where the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request.
2. The authentication method according to claim 1, characterized in that the method further includes:
the terminal device obtains the physical line identifier of the branch physical line;
the terminal device sends the physical line identifier of the branch physical line to the central office device.
3. The authentication method according to claim 1, characterized in that the authentication request further includes: a trunk physical line identifier and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
4. An authentication method, applied in a point-to-multipoint system that includes a central office device, an intermediate device, and at least one terminal device, where the central office device is connected to the at least one terminal device through the intermediate device, the central office device is connected to the intermediate device through a trunk physical line, and the intermediate device is connected to the at least one terminal device through a plurality of branch physical lines respectively, characterized in that the method includes:
the central office device receives, through the intermediate device, the authentication request sent by the terminal device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
the central office device authenticates the terminal device according to the physical line identifier of the branch physical line, and returns an authentication response to the terminal device through the intermediate device.
5. The authentication method according to claim 4, characterized in that the authentication method further includes:
the central office device receives and stores the physical line identifier of the branch physical line sent by the terminal device.
6. The authentication method according to claim 5, characterized in that the central office device authenticating the terminal device according to the physical line identifier of the branch physical line specifically includes:
the central office device determines whether the physical line identifier in the authentication request is the same as the stored physical line identifier of the branch physical line;
if they are the same, authentication passes; otherwise, authentication fails.
7. The authentication method according to claim 4, characterized in that the authentication request further includes: a trunk physical line identifier and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
8. A terminal device, characterized in that the terminal device includes:
a sending unit, configured to send an authentication request to the central office device through the intermediate device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
a first receiving unit, configured to receive an authentication response sent by the central office device through the intermediate device, where the authentication response is the response returned by the central office device after it authenticates the terminal device according to the authentication request.
9. The terminal device according to claim 8, characterized in that the terminal device further includes:
an obtaining unit, configured to obtain the physical line identifier of the branch physical line;
the sending unit is further configured to send the physical line identifier of the branch physical line to the central office device.
10. The terminal device according to claim 8, characterized in that the authentication request further includes: a trunk physical line identifier and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
11. A central office device, characterized in that the central office device includes:
a second receiving unit, configured to receive, through the intermediate device, the authentication request sent by the terminal device, where the authentication request includes the physical line identifier of the branch physical line on which the terminal device is located, and the physical line identifier of the branch physical line is used to uniquely identify the branch physical line;
a processing unit, configured to authenticate the terminal device according to the physical line identifier of the branch physical line, and to return an authentication response to the terminal device through the intermediate device.
12. The central office device according to claim 11, characterized in that the second receiving unit is further configured to receive and store the physical line identifier of the branch physical line sent by the terminal device.
13. The central office device according to claim 12, characterized in that the processing unit is specifically configured to determine whether the physical line identifier in the authentication request is the same as the stored physical line identifier of the branch physical line;
if they are the same, authentication passes; otherwise, authentication fails.
14. The central office device according to claim 11, characterized in that the authentication request further includes: a trunk physical line identifier and/or an intermediate device identifier, where the trunk physical line identifier is used to uniquely identify the trunk physical line between the central office device and the intermediate device, and the intermediate device identifier is used to uniquely identify the intermediate device.
1 5、 一种认证系统, 所述系统包括: 局端设备、 中间设备、 至少一个 终端设备; 所述局端设备通过所述中间设备与所述至少一个终端设备进行 连接, 所述局端设备通过主干物理线路与所述中间设备进行连接, 所述中 间设备通过多条分支物理线路分别与所述至少一个终端设备进行连接, 其 特征在于, 所述终端设备为权利要求 8 -1 0中任意一项所述的终端设备, 所 述局端设备为权利要求 11-14任意一项所述的局端设备。 15. An authentication system, the system includes: a central office device, an intermediate device, and at least one terminal device; the central office device is connected to the at least one terminal device through the intermediate device, and the central office device The intermediate device is connected to the intermediate device through a trunk physical line, and the intermediate device is connected to the at least one terminal device through a plurality of branch physical lines. The characteristic is that the terminal device is any of claims 8-10. The terminal equipment described in one item, the The central office equipment is the central office equipment described in any one of claims 11-14.
PCT/CN2012/084674 2012-11-15 2012-11-15 Authentication method, apparatus and system WO2014075266A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2012/084674 WO2014075266A1 (en) 2012-11-15 2012-11-15 Authentication method, apparatus and system
CN201280002345.XA CN103222249B (en) 2012-11-15 2012-11-15 Authentication method, device and system

Publications (1)

Publication Number Publication Date
WO2014075266A1 true WO2014075266A1 (en) 2014-05-22

Family

ID=48818204

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/084674 WO2014075266A1 (en) 2012-11-15 2012-11-15 Authentication method, apparatus and system

Country Status (2)

Country Link
CN (1) CN103222249B (en)
WO (1) WO2014075266A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018058624A1 (en) * 2016-09-30 2018-04-05 华为技术有限公司 Method for accessing optical network by optical network unit, and authentication device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1863199A (en) * 2005-09-30 2006-11-15 华为技术有限公司 Method for carrying out service in wideband network
CN102025702A (en) * 2009-09-17 2011-04-20 中兴通讯股份有限公司 Network based on identity and position separation frame, and backbone network and network element thereof
CN102474508A (en) * 2009-10-20 2012-05-23 阿瓦雅公司 Hierarchal Structuring Of Nodes In A Peer-To-Peer Network

Also Published As

Publication number Publication date
CN103222249A (en) 2013-07-24
CN103222249B (en) 2016-01-13

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12888506

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12888506

Country of ref document: EP

Kind code of ref document: A1