WO2014114065A1 - License management authentication method and system for passive optical network device - Google Patents

Publication number
WO2014114065A1
Authority
WO
WIPO (PCT)
Prior art keywords
license
items
resource
file
service module
Application number
PCT/CN2013/079949
Other languages
French (fr)
Chinese (zh)
Inventor
朱崇银
刘华
蒋磊
杨莹
Original Assignee
烽火通信科技股份有限公司
Application filed by 烽火通信科技股份有限公司
Publication of WO2014114065A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629 Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The present invention relates to a license management authentication method and system for a passive optical network device, comprising a license production tool for producing a license file; an FTP server which interacts with an FTP client and remotely loads the license file produced by the license production tool to a device; a network element license management center which verifies the legality of the license file and performs centralized management on key function items and resource items of a network element device; a network element license control center which interacts with the network element license management center and controls the use of the function items and resource items of the device according to an instruction of the network element license management center; and a service module which interacts with the network element license control center, receives the control of the network element license control center and controls the use of specific function items or resource items. The license management authentication method and system of the present invention can conveniently and effectively control function items or resource items of a system, so that subsequent maintenances can be controlled to be charged separately based on the function items or the resource items, ensuring long-term sustainable return.

Description

Passive optical network device license management authentication method and system
Technical field
The invention relates to passive optical network equipment security and resource management, and in particular to a license management authentication method and system for passive optical network devices. It addresses the need of equipment vendors to exercise deep control over the use of system resources.
Background
A passive optical network (PON) is a new type of optical fiber access network technology. It uses a point-to-multipoint structure and passive optical fiber transmission, and consists of an OLT, an ODN and ONUs. The ODN (Optical Distributed Network) is made up of optical fiber and passive optical splitters, and connects the OLT (Optical Line Terminal) at the central office to the ONUs (Optical Network Units) at the user end. Within certain physical and bandwidth limits, multiple ONU terminal devices share the services of the central office OLT. The advantages include low cost, high bandwidth, strong scalability, and flexible, fast service reorganization.
In current centralized procurement of PON equipment, telecom operators issue purchase plans according to actual demand, while PON equipment vendors generally supply standard configurations. The standard configuration often exceeds actual demand, which undoubtedly wastes system resources. A method and mechanism for deep control of system resource usage is therefore needed to ensure long-term sustainable returns.
Summary of the invention
In view of the deficiencies of the prior art, the object of the present invention is to provide a license management authentication method and system for passive optical network devices that solves the problem of how to exercise deep control over the resources of such devices. Flexible license authentication management plays a significant positive role in "deeply" binding users, in realizing the value of software intellectual property, and in supporting flexible business strategies. To achieve this object, the technical solution adopted by the present invention is:
A passive optical network device license management authentication method, characterized in that:
(1) a license creation tool creates a license file from device information, the device information including at least the electronic serial number SN and the authorization status of function items and resource items;
(2) the created license file is loaded onto the device remotely over FTP;
(3) the network element (NE) license management center verifies the license file that has been loaded onto the device, and delivers the content of the function items and resource items that pass verification to the NE license control center;
(4) the NE license control center receives the function item and resource item content delivered by the NE license management center, and authenticates the use of function items and resource items according to the authorization status and the application information of the service modules;
(5) when a user uses a function item or resource item of a service module, the service module actively submits an application to the NE license control center, and controls the use of the function item or resource item according to the authentication information returned by the NE license control center.
On the basis of the above technical solution, in step (1), the license creation tool obtains the electronic serial number SN directly from the device, and obtains the resource item and function item authorization status from the contract.
On the basis of the above technical solution, in step (2), the FTP server is first started and the previously generated license file is deployed to it; the operator then logs in to the FTP client and enters the remote download command, which loads the license file from the FTP server into the local NE license management center where the FTP client resides.
On the basis of the above technical solution, in step (3), when the device is powered on, the NE license management center obtains the license file from the local persistent storage device, parses it, and delivers the authorization content of the file to the NE license control center.
On the basis of the above technical solution, in step (3), when a license file is loaded by remote FTP, the NE license management center parses the license file and verifies its legitimacy and security. Only if verification passes is the authorization content of the file delivered to the NE license control center; if it fails, an FTP remote license file load error is returned.
On the basis of the above technical solution, in step (4), after the NE license control center receives the function item and resource item authorization content delivered by the NE license management center, it compares that content with the previous authorization content and with the service modules' application information. If the current authorization exceeds the previous authorization and a service module still has information that failed authentication, the content that failed authentication is re-authenticated. If the current authorization is lower than the previous authorization and a service module holds more authenticated content than is now authorized, the authentication of the excess content is deregistered. In all other cases, the control center simply controls the authentication of the service modules' function items and resource items.
On the basis of the above technical solution, in step (5), when a service module submits an application to the NE license control center to use a resource item or function item, the service module permits use of that item if the NE license control center's authentication passes, and otherwise does not permit it.
A passive optical network device license management authentication system, characterized in that it comprises:
a license creation tool, located in the license creation server, for creating the license file;
an FTP server, located in the network management server, which interacts with the FTP client and remotely loads the license file created by the license creation tool onto the device;
an FTP client, located in the network element, which interacts with the FTP server to complete the remote loading of the license file from the FTP server onto the device;
an NE license management center, located in the network element, which verifies the legitimacy of the license file and centrally manages the key function items and resource items of the network element device;
an NE license control center, located in the network element, which interacts with the NE license management center and controls the use of the device's function items and resource items as instructed by the NE license management center;
a service module (service configuration module), located in the network element, which interacts with the NE license control center, is controlled by it, and controls the use of specific function items or resource items.
The passive optical network device license management authentication method and system of the present invention make it possible to control system function items or resource items conveniently and effectively. Subsequent maintenance can be billed separately per function item or resource item, ensuring long-term sustainable returns.
Brief description of the drawings
The invention has the following figures:
FIG. 1 is a structural diagram of the network element license software according to the present invention.
FIG. 2 is a flowchart of the present invention.
FIG. 3 is a processing flowchart of the NE license management center according to the present invention.
FIG. 4 is a processing flowchart of the NE license control center according to the present invention.
Detailed description
The present invention is described in further detail below with reference to the accompanying drawings.
As shown in FIGS. 1 and 2, the passive optical network device license management authentication method of the present invention comprises the following:
Step (1): a license creation tool creates a license file from device information, the device information including at least the electronic serial number SN and the authorization status of function items and resource items. This corresponds to step S10 in FIG. 2.
Step (2): the created license file is loaded onto the device (the passive optical network device) remotely over FTP. This corresponds to step S20 in FIG. 2.
Step (3): the NE license management center verifies the license file that has been loaded onto the device, and delivers the content of the function items and resource items that pass verification to the NE license control center. This corresponds to step S30 in FIG. 2.
Step (4): the NE license control center receives the function item and resource item content delivered by the NE license management center, and authenticates the use of function items and resource items according to the authorization status and the application information of the service modules. This corresponds to step S40 in FIG. 2.
Step (5): when a user uses a function item or resource item of a service module, the service module actively submits an application to the NE license control center, and controls the use of the function item or resource item according to the authentication information returned by the NE license control center. FIG. 2 shows the corresponding step.
On the basis of the above technical solution, in step (1), the license creation tool obtains the electronic serial number SN directly from the device, and obtains the resource item and function item authorization status from the contract.
On the basis of the above technical solution, in step (2), the FTP server is first started and the previously generated license file is deployed to it; the operator then logs in to the FTP client and enters the remote download command, which loads the license file from the FTP server into the local NE license management center where the FTP client resides.
On the basis of the above technical solution, as shown in FIG. 3, in step (3), when the device is powered on, the NE license management center obtains the license file from the local persistent storage device, parses it, and delivers the authorization content of the file to the NE license control center. This corresponds to steps 301 and 304 in FIG. 3.
On the basis of the above technical solution, as shown in FIG. 3, in step (3), when a license file is loaded by remote FTP, the NE license management center parses the license file and verifies its legitimacy and security. Only if verification passes is the authorization content of the file delivered to the NE license control center; if it fails, an FTP remote license file load error is returned. This corresponds to steps 302 and 303 in FIG. 3.
On the basis of the above technical solution, as shown in FIG. 4, in step (4), after the NE license control center receives the function item and resource item authorization content delivered by the NE license management center, it compares that content with the previous authorization content and with the service modules' application information. If the current authorization exceeds the previous authorization and a service module still has information that failed authentication, the content that failed authentication is re-authenticated. If the current authorization is lower than the previous authorization and a service module holds more authenticated content than is now authorized, the authentication of the excess content is deregistered. In all other cases, the control center simply controls the authentication of the service modules' function items and resource items. This corresponds to steps 401 to 404 in FIG. 4.
On the basis of the above technical solution, in step (5), when a service module submits an application to the NE license control center to use a resource item or function item, the service module permits use of that item if the NE license control center's authentication passes, and otherwise does not permit it.
As shown in FIG. 1, the present invention also provides a license management authentication system for passive optical network devices, comprising:
a License creation tool, located in the License creation server, used to create License files;
an FTP server, located in the network management server, used to interact with the FTP client and to remotely load the License file created by the License creation tool onto the device;
an FTP client, located in the network element, which interacts with the FTP server to complete the remote loading of the License file from the FTP server onto the device;
an NE License management center, located in the network element, used to verify the legality of the License file and to centrally manage the key function items and resource items of the network element device;
an NE License control center, located in the network element, which interacts with the NE License management center and, following its instructions, controls the use of the device's function items and resource items;
a service module (service configuration module), located in the network element, which interacts with the NE License control center, accepts its control, and controls the use of specific function items or resource items.

The above is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention falls within the scope of protection of the present invention.
Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.
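
The comparison in step (4) and the application in step (5), sketched as an added Python example; it is not code from the patent. The item names, the quotas, the oldest-first order in which existing grants are re-checked, and the convention that a function item is requested with amount 0 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Authorization:        # content the management center issues in step (3)
    functions: frozenset = frozenset()             # licensed function items
    resources: dict = field(default_factory=dict)  # resource item -> quota

@dataclass
class Application:          # one request made by a service module
    module: str
    item: str
    amount: int = 0         # 0 = function item, >0 = units of a resource item
    granted: bool = False

class LicenseControlCenter:
    def __init__(self):
        self.auth = Authorization()   # nothing is licensed until an update arrives
        self.apps = []                # every application, oldest first

    def _admit(self, app):  # app is ungranted on entry; grant it only if it fits
        if app.amount == 0:
            app.granted = app.item in self.auth.functions
        else:
            used = sum(a.amount for a in self.apps if a.granted and a.item == app.item)
            app.granted = used + app.amount <= self.auth.resources.get(app.item, 0)
        return app.granted

    def apply(self, module, item, amount=0):  # step (5): ask before using an item
        if amount < 0:
            raise ValueError("amount must not be negative")
        self.apps.append(Application(module, item, amount))
        return self._admit(self.apps[-1])

    def update(self, new_auth):  # step (4): reconcile new authorization content
        held = [a for a in self.apps if a.granted]
        waiting = [a for a in self.apps if not a.granted]
        self.auth = new_auth
        for a in held:
            a.granted = False
        # Lowered: grants are re-checked oldest first; what no longer fits is deregistered.
        revoked = [(a.module, a.item) for a in held if not self._admit(a)]
        # Raised: applications that failed earlier are re-authenticated.
        regranted = [(a.module, a.item) for a in waiting if self._admit(a)]
        return regranted, revoked

def demo():  # constructed item names and quotas, for illustration only
    cc = LicenseControlCenter()
    cc.update(Authorization(frozenset({"multicast"}), {"onu": 8}))
    first = [cc.apply(*r) for r in (("card1", "onu", 6), ("card2", "onu", 4),
                                    ("card1", "multicast"), ("card2", "qinq"))]
    raised = cc.update(Authorization(frozenset({"multicast", "qinq"}), {"onu": 16}))
    lowered = cc.update(Authorization(frozenset({"qinq"}), {"onu": 4}))
    return first, raised, lowered
```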

Claims

1. A License management authentication method for passive optical network devices, characterized in that:
(1) a License creation tool creates a License file according to device information, the device information including at least the electronic serial number SN and the authorization status of function items and resource items;
(2) the created License file is remotely loaded onto the device via FTP;
(3) the NE License management center verifies the License file that has been loaded onto the device, and delivers the content of the function items and resource items that passed verification to the NE License control center;
(4) the NE License control center receives the function item and resource item content delivered by the NE License management center, and authenticates the use of function items and resource items according to the authorization status and the application information of the service modules;
(5) when a user uses the function items and resource items of a service module, the service module actively applies to the NE License control center and controls the use of the function items and resource items according to the authentication information returned by the NE License control center.
2. The License management authentication method for passive optical network devices according to claim 1, characterized in that: in step (1), the License creation tool obtains the electronic serial number SN directly from the device, and obtains the authorization status of resource items and function items from the contract.
3. The License management authentication method for passive optical network devices according to claim 1, characterized in that: in step (2), the FTP server is first started and the previously generated License file is deployed to the FTP server; the FTP client is then logged in to and the remote download command is entered, loading the License file from the FTP server into the local NE License management center where the FTP client is located.
4. The License management authentication method for passive optical network devices according to claim 1, characterized in that: in step (3), when the device is powered on, the NE License management center obtains the License file from the local persistent device, parses the License file, and delivers the file's authorization content to the NE License control center.
5. The License management authentication method for passive optical network devices according to claim 1, characterized in that: in step (3), when a License file is loaded remotely via FTP, the NE License management center parses the License file and verifies its legality and security; only if verification passes is the file's authorization content delivered to the NE License control center; if it fails, an FTP remote License file loading error is returned.
6. The License management authentication method for passive optical network devices according to claim 1, characterized in that: in step (4), after receiving the function item and resource item authorization content delivered by the NE License management center, the NE License control center compares it with the previous authorization content and the service modules' application information; if the current authorization content exceeds the previous authorization content and a service module still has information that has not passed authentication, the content that has not passed authentication is re-authenticated; if the current authorization content is lower than the previous authorization content and a service module has surplus content that has passed authentication, that surplus content is deregistered; in all other cases, the function item and resource item authentication of the service module is controlled.
7. The License management authentication method for passive optical network devices according to claim 1, characterized in that: in step (5), when a service module applies to the NE License control center to use a resource item or function item, the service module allows the use of the resource item or function item if the NE License control center's authentication passes; otherwise, the service module does not allow the use of the resource item or function item.
8. A License management authentication system for passive optical network devices, characterized by comprising:
a License creation tool, located in the License creation server, used to create License files;
an FTP server, located in the network management server, used to interact with the FTP client and to remotely load the License file created by the License creation tool onto the device;
an FTP client, located in the network element, which interacts with the FTP server to complete the remote loading of the License file from the FTP server onto the device;
an NE License management center, located in the network element, used to verify the legality of the License file and to centrally manage the key function items and resource items of the network element device;
an NE License control center, located in the network element, which interacts with the NE License management center and, following its instructions, controls the use of the device's function items and resource items;
a service module (service configuration module), located in the network element, which interacts with the NE License control center, accepts its control, and controls the use of specific function items or resource items.
PCT/CN2013/079949 2013-01-25 2013-07-24 License management authentication method and system for passive optical network device WO2014114065A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310029872.6A CN103067211B (en) 2013-01-25 2013-01-25 A kind of passive optical network equipment License Management authentication method and system
CN201310029872.6 2013-01-25

Publications (1)

Publication Number Publication Date
WO2014114065A1 true WO2014114065A1 (en) 2014-07-31

Family

ID=48109680

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/079949 WO2014114065A1 (en) 2013-01-25 2013-07-24 License management authentication method and system for passive optical network device

Country Status (2)

Country Link
CN (1) CN103067211B (en)
WO (1) WO2014114065A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067211B (en) * 2013-01-25 2016-08-24 烽火通信科技股份有限公司 A kind of passive optical network equipment License Management authentication method and system
CN105431857A (en) * 2013-05-29 2016-03-23 慧与发展有限责任合伙企业 Passive security of applications
CN105681061B (en) * 2014-11-18 2019-05-21 中兴通讯股份有限公司 A kind of fine-grained resource control method and device
CN108093318B (en) * 2017-12-29 2021-05-18 武汉长光科技有限公司 Method for authenticating License of PON system and OLT
CN108738020B (en) * 2018-04-13 2020-10-23 三维通信股份有限公司 Authorization management method and system for signal transmission bandwidth of DAS (data acquisition System)
CN110674472A (en) * 2019-09-29 2020-01-10 苏州浪潮智能科技有限公司 Enterprise-level License management system and method
CN111597545B (en) * 2020-05-19 2021-08-31 北京海泰方圆科技股份有限公司 Authorization management method and device
CN111970319A (en) * 2020-06-22 2020-11-20 联想(北京)有限公司 Distribution control method of software License and network equipment
CN114448986B (en) * 2022-01-04 2024-03-01 上海弘积信息科技有限公司 License control method based on MC centralized management system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101068145A (en) * 2007-07-05 2007-11-07 杭州华三通信技术有限公司 EPON network element configuration method and EPON
CN101141460A (en) * 2007-08-20 2008-03-12 中兴通讯股份有限公司 Permission control method and system of service function in cluster system
KR101021151B1 (en) * 2009-05-08 2011-03-14 주식회사 다산네트웍스 Method and apparatus for managing nos installed to network device
CN102780572A (en) * 2011-05-11 2012-11-14 中兴通讯股份有限公司 License management method and device
CN103067211A (en) * 2013-01-25 2013-04-24 烽火通信科技股份有限公司 License management and authentication method and system for passive optical network equipment

Also Published As

Publication number Publication date
CN103067211B (en) 2016-08-24
CN103067211A (en) 2013-04-24

Similar Documents

Publication Publication Date Title
WO2014114065A1 (en) License management authentication method and system for passive optical network device
CN108964885B (en) Authentication method, device, system and storage medium
EP3073699B1 (en) System and method for controlling mutual access of smart devices
WO2018127199A1 (en) Method for generating offline verification code based on smart door lock system, and system thereof
CN101931613B (en) Centralized authenticating method and centralized authenticating system
CN103188207B (en) A kind of cross-domain single sign-on realization method and system
EP2658207B1 (en) Authorization method and terminal device
CN103489233A (en) Electronic door control system with dynamic password
CN106921663B (en) Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal
CN105100102B (en) A kind of authority configuration and information configuring methods and device
CN105577665A (en) Identity and access control and management system and method in cloud environment
CN103888265A (en) Login system and method based on mobile terminal
CN105262780B (en) A kind of authority control method and system
CN111131301A (en) Unified authentication and authorization scheme
EP2979420B1 (en) Network system comprising a security management server and a home network, and method for including a device in the network system
CN113360862A (en) Unified identity authentication system, method, electronic device and storage medium
CN105049427A (en) Management method and management device for login accounts of application systems
KR20150137518A (en) Hybride Cloud-Based ICT Service System and Method thereof
CN110365483A (en) Cloud platform authentication method, client, middleware and system
CN109067785A (en) Cluster authentication method, device
WO2012060956A3 (en) Methods and systems for establishing secure authenticated bidirectional server communication using automated credential reservation
CN105337967A (en) Method and system for achieving target server logging by user and central server
CN103188332A (en) Remote desktop access control management method, equipment and system
CN102420808B (en) Method for realizing single signon on telecom on-line business hall
CN104702562A (en) Terminal fusion service access method, terminal fusion service access system, and terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13872444

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13872444

Country of ref document: EP

Kind code of ref document: A1