CN101557288A - ONU certificate method for PON system - Google Patents

Publication number
CN101557288A
Authority
CN
China
Prior art keywords
optical network
network unit
authentication
onu
line terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2008100910571A
Other languages
Chinese (zh)
Inventor
张伟良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CNA2008100910571A
Publication of CN101557288A

Abstract

The invention provides an ONU authentication method for a PON system, comprising the following steps: an ONU accesses an OLT for the first time and sends its own identification information to the OLT; authentication information about the user is provided to the OLT to obtain authorization; and after the authorization succeeds, the identification information is added to an authentication database to permit access by the ONU. The invention simplifies authentication of ONUs by the OLT in a PON system.

Description

ONU authentication method for a PON system
Technical field
The present invention relates to the field of communications, and in particular to an ONU (Optical Network Unit) authentication method for a PON (Passive Optical Network) system.
Background
A PON system consists of an OLT (Optical Line Terminal), ONUs and an ODN (Optical Distribution Network); an ONU used for FTTH (Fiber To The Home) is called an ONT (Optical Network Terminal). The ODN has a point-to-multipoint structure: one OLT connects to multiple ONUs through the ODN.
To prevent illegitimate ONUs from accessing the OLT, the OLT generally needs to authenticate each ONU. At present, ONU authentication is generally based on fixed identification information associated with the ONU, such as the serial number of a GPON (Gigabit-capable Passive Optical Network) ONU or the MAC (Media Access Control) address of an EPON (Ethernet Passive Optical Network) ONU. This fixed identification information is generally set by the equipment vendor and is unique. The OLT authenticates ONUs against an authentication database: an ONU whose fixed identification information is in the authentication database is allowed to access the OLT.
When an ONU accesses the OLT for the first time, it must provide an activation authorization, which the OLT checks. Once the ONU has passed the OLT's activation authorization check, subsequent access authentication is based on the fixed identification information and the authentication database.
PON systems are being applied and deployed on a large scale. ONUs are remote devices, so the number deployed will be very large, and over time ONUs will also be replaced frequently for upgrades and fault maintenance. In the prior art, authorization in the authentication database is performed per ONU; therefore, each time the same user replaces an ONU, the authorization must be modified on the system side for the new ONU before the new ONU can be added to the authentication database.
In the course of making the present invention, the inventor found that, as PON-related standards mature, the updating and maintenance of the authentication database caused by these replacements brings a very large workload, and this workload becomes even more pronounced when users can purchase ONT equipment themselves.
Summary of the invention
The present invention aims to provide an ONU authentication method for a PON system, to solve the prior-art problem of the heavy workload of maintaining the OLT's authentication database.
In an embodiment of the present invention, an ONU authentication method for a PON system is provided, comprising the following steps: an ONU accesses an OLT for the first time and sends its own identification information to the OLT; authentication information about the user is provided to the OLT to obtain authorization; after the authorization succeeds, the identification information is added to the authentication database to allow access by the ONU.
Because the ONU authentication method of the above embodiment authorizes the user instead of authorizing the ONU as in the prior art, it overcomes the prior-art problem of the heavy workload of maintaining the OLT's authentication database, and thereby simplifies ONU authentication.
Description of the drawings
The accompanying drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 shows a flow chart of the ONU authentication method according to an embodiment of the invention;
Fig. 2 shows a flow chart of the ONU authentication method according to a preferred embodiment of the invention;
Fig. 3 shows a flow chart of the ONU authentication method in a GPON system according to a preferred embodiment of the invention.
Embodiments
The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
Fig. 1 shows a flow chart of the ONU authentication method according to an embodiment of the invention, comprising the following steps:
Step S10, the ONU accesses the OLT for the first time and sends its own identification information to the OLT;
Step S20, authentication information about the user is provided to the OLT to obtain authorization;
Step S30, after the authorization succeeds, the identification information is added to the authentication database to allow access by the ONU.
The difference between the above method and the prior art is that in the prior art the authorization in the authentication database is performed per ONU, whereas here the authorization is performed per user. As long as the user has been authorized, no matter how many ONUs the user replaces, the ONU identification information in the authentication database does not need to be modified in advance. In the prior art, by contrast, each ONU replacement requires the authorization to be modified on the system side for the new ONU.
Because this ONU authentication method authorizes the user instead of authorizing the ONU as in the prior art, it overcomes the prior-art problem of the heavy workload of maintaining the OLT's authentication database, and thereby simplifies ONU authentication.
Preferably, step S10 specifically comprises: the updated ONU is connected to the OLT; the ONU powers on; the ONU sends identification information to the OLT, where in a GPON system the identification information is the serial number that uniquely identifies the ONU, and in an EPON system the identification information is the MAC address that uniquely identifies the ONU.
The OLT may actively query the ONU for the activation authorization, or the ONU may report the activation authorization on its own initiative. In a GPON system, the channel over which the OLT and ONU exchange the activation authorization may be PLOAM (Physical Layer Operations, Administration and Maintenance), OMCI (ONT Management and Control Interface), and so on; in an EPON system, the channel over which the OLT and ONU exchange the activation authorization may be the EPON OAM (Operation, Administration, Maintenance) channel.
Preferably, step S20 specifically comprises: when the OLT does not find the identification information in the authentication database, the OLT requires the user of the ONU to be authenticated; user authentication information is provided to the OLT as required by the OLT; the OLT verifies the user authentication information; if verification passes, authorization is granted and the ONU's identification information is added to the authentication database. This provides a scheme in which the user is passively asked for authorization.
Preferably, the ONU comprises an indication module (for example an indicator light), and the method further comprises: when the ONU receives the OLT's user authentication request, the indication module gives an indication (flashes) to prompt the user to enter the user authentication information.
Preferably, step S20 specifically comprises: the ONU provides the user authentication information to the OLT on its own initiative; the OLT verifies the user authentication information; if verification passes, authorization is granted and the ONU's identification information is added to the authentication database. This provides a scheme in which the user actively requests authorization.
Preferably, the authentication information about the user is provided to the OLT through at least one of the following input devices: a prompt interface, an input keyboard, a bar code scanner, a magnetic card reader, a numeric keypad. These are all commonly used input devices.
Preferably, the user includes end users and maintenance personnel, and the authentication information is authentication information about an end user or about maintenance personnel. End users or maintenance personnel can thus replace ONUs easily. Activation authorizations can accordingly be classified, for example into maintenance-personnel activation authorizations and user activation authorizations. Different types of activation authorization have different effects. A maintenance-personnel activation authorization can be used for any type of ONU; when an ONU accesses the OLT for the first time using a maintenance-personnel activation authorization, its identification information is added directly to the authentication database. A user's activation authorization can only be used for an ONT; when an ONT accesses the OLT for the first time using a user's activation authorization, the identification information in the authentication database associated with that user's activation authorization is deleted, and only then can the identification information of the newly accessing ONT be added to the authentication database.
Preferably, in a GPON system, the channel over which the ONU and OLT exchange authorization information comprises at least one of the following: the PLOAM channel, OMCI; in an EPON system, the channel over which the ONU and OLT exchange authorization information is the OAM channel.
Preferably, step S30 specifically comprises: the identification information is added to the authentication database and associated with the authentication information; any existing identification information associated with that authentication information is deleted from the authentication database.
Preferably, the method further comprises: if authorization fails, the identification information is refused entry into the authentication database, so that access by the ONU is prohibited.
The preferred embodiments of the present invention are described below with reference to Fig. 2 and Fig. 3.
Fig. 2 shows a flow chart of the ONU authentication method according to a preferred embodiment of the invention, comprising the following steps:
Step S202, the installed ONU powers on and sends identification information to the OLT; this identification information may be the serial number of the ONU;
Step S204, the OLT searches the authentication database and finds that the ONU's identification information is not in the authentication database;
Step S206, the OLT sends a message to the ONU, requiring the ONU to provide the authentication information for activation authorization;
Step S208, the installer enters the authentication information into the ONU, and the ONU sends it to the OLT;
Step S210, the OLT checks whether the authentication information is valid;
Step S212, if it is valid, authorization is granted, the OLT stores the ONU's identification information in the authentication database, and the ONU is allowed to access;
Step S214, if it is invalid, authorization is refused and the ONU's access is refused.
In this embodiment, by providing activation authorizations, authentication of an ONU's first access to the OLT can be performed at any time without maintaining the authentication database in advance, which simplifies ONU activation.
Fig. 3 shows a flow chart of the ONU authentication method in a GPON system according to a preferred embodiment of the invention, comprising the following steps:
Step S302, the installed ONU powers on and sends its serial number to the OLT;
Step S304, the OLT searches the authentication database and checks whether the ONU's serial number is in the authentication database; if it is, the flow advances to step S314 and the ONU is allowed to access; otherwise the following steps continue;
Step S306, the OLT sends a Request_password message (downstream PLOAM message) to the ONU, requiring the ONU to provide the authentication information for activation authorization (abbreviated below as the activation authorization). The activation authorization is a 10-byte string made up of digits. Two kinds of activation authorization are provided: the user activation authorization and the maintenance-personnel activation authorization. The user activation authorization is allocated to the end user and can only be used for an ONT; the maintenance-personnel activation authorization is allocated to the operator's maintenance personnel and can be used for any ONU.
Step S308, the ONU is equipped with an indicator light; after the Request_password message is received, the indicator light flashes to prompt the user or maintenance personnel to enter the activation authorization;
Step S310, the installer enters the authentication information into the ONU, and the ONU sends a Password message carrying the activation authorization to the OLT. A user can obtain a user activation authorization after applying for FTTH; the ONT is equipped with a small keypad for the user to enter the activation authorization. The maintenance-personnel activation authorization is used by the operator's maintenance personnel; it can be entered through a dedicated management interface such as HyperTerminal, and when activating an ONT it can also be entered through the small keypad. The OLT and ONU exchange the activation authorization as follows: the OLT sends a Request_password message (downstream PLOAM message) to the ONU to request the activation authorization; the ONU sends a Password message (upstream PLOAM message) to the OLT, and the Password message carries the activation authorization. The Request_password and Password messages are defined in the ITU-T G.984.3 standard.
Step S312, the OLT checks whether the authentication information is valid. The OLT maintains an activation authorization database; an activation authorization present in this database is valid, otherwise it is invalid.
Step S316, if it is valid, authorization is granted, the OLT stores the ONU's identification information in the authentication database, and the ONU is allowed to access;
Step S318, if it is invalid, authorization is refused and the ONU's access is refused.
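An added example, not part of the patent text: a minimal Python model of the OLT-side decisions in steps S302 to S318, including the two authorization types and the deletion of previously associated identification information described for step S30. The class and method names, the serial numbers and the authorization strings are constructed for illustration, and the PLOAM transport is not modelled.

```python
from dataclasses import dataclass, field
from enum import Enum


class AuthType(Enum):
    USER = "user"                # issued to an end user; valid for ONTs only
    MAINTENANCE = "maintenance"  # issued to operator staff; valid for any ONU


@dataclass
class Olt:
    # Activation authorization database (S312): authorization string -> type.
    activation_db: dict = field(default_factory=dict)
    # Authentication database: ONU identification -> authorization it was
    # admitted under (the association described for step S30).
    auth_db: dict = field(default_factory=dict)

    def on_identification(self, ident: str) -> str:
        """S302/S304: admit a known ONU, otherwise ask for an authorization."""
        return "ALLOW" if ident in self.auth_db else "REQUEST_PASSWORD"

    def on_password(self, ident: str, is_ont: bool, password: bytes) -> str:
        """S310 to S318: check the authorization carried in the Password message."""
        # The authorization is a 10-byte string made up of digits.
        if len(password) != 10 or not password.isdigit():
            return "DENY"
        code = password.decode("ascii")
        kind = self.activation_db.get(code)
        if kind is None:
            return "DENY"                      # not in the activation database
        if kind is AuthType.USER:
            if not is_ont:
                return "DENY"                  # user authorizations cover ONTs only
            # Delete identification already associated with this user's
            # authorization before the new ONT is added.
            for old in [i for i, a in self.auth_db.items() if a == code]:
                del self.auth_db[old]
        self.auth_db[ident] = code
        return "ALLOW"


def replacement_scenario() -> list:
    """Run a constructed ONT-replacement sequence and return each decision."""
    olt = Olt(activation_db={"1234567890": AuthType.USER,
                             "0987654321": AuthType.MAINTENANCE})
    old_ont, new_ont = "VNDR00000001", "VNDR00000002"  # constructed serials
    return [
        olt.on_identification(old_ont),                  # unknown serial
        olt.on_password(old_ont, True, b"1234567890"),   # first activation
        olt.on_identification(old_ont),                  # now in the database
        olt.on_password(new_ont, True, b"1234567890"),   # user swaps the ONT
        olt.on_identification(old_ont),                  # old serial was deleted
        olt.on_password("VNDR00000003", False, b"1234567890"),  # non-ONT ONU
        olt.on_password("VNDR00000003", False, b"0987654321"),  # maintenance
        olt.on_password("VNDR00000004", True, b"12345"),        # malformed
    ]


if __name__ == "__main__":
    print(replacement_scenario())
```

In this model the serial number of the replaced ONT no longer authenticates once the same user authorization has been used for a new ONT, which is the consequence of the deletion rule in step S30.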
As can be seen from the above description, the above embodiments of the present invention provide an ONU authentication mechanism that performs ONU authentication while allowing the authentication database to be maintained securely and conveniently.
The above are only preferred embodiments of the present invention and do not limit the present invention; for a person skilled in the art, the present invention may have various changes and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. An optical network unit authentication method for a passive optical network, characterized in that it comprises the following steps:
An optical network unit accesses an optical line terminal for the first time and sends its own identification information to the optical line terminal;
Authentication information about the user is provided to the optical line terminal to obtain authorization;
After the authorization succeeds, the identification information is added to an authentication database to allow access by the optical network unit.
2. The optical network unit authentication method according to claim 1, characterized in that the optical network unit accessing the optical line terminal for the first time and sending its own identification information to the optical line terminal specifically comprises:
The updated optical network unit is connected to the optical line terminal;
The optical network unit powers on;
The optical network unit sends the identification information to the optical line terminal, where in a Gigabit-capable Passive Optical Network system the identification information is the serial number that uniquely identifies the optical network unit, and in an Ethernet passive optical network system the identification information is the media access control address that uniquely identifies the optical network unit.
3. The optical network unit authentication method according to claim 2, characterized in that providing authentication information about the user to the optical line terminal to obtain authorization specifically comprises:
When the optical line terminal does not find the identification information in the authentication database, the optical line terminal requires the user of the optical network unit to be authenticated;
User authentication information is provided to the optical line terminal as required by the optical line terminal;
The optical line terminal verifies the user authentication information;
If verification passes, authorization is granted and the identification information of the optical network unit is added to the authentication database.
4. The optical network unit authentication method according to claim 3, characterized in that the optical network unit comprises an indication module, and the method further comprises:
When the optical network unit receives the user authentication request of the optical line terminal, the indication module gives an indication to prompt the user to enter the user authentication information.
5. The optical network unit authentication method according to claim 2, characterized in that providing authentication information about the user to the optical line terminal to obtain authorization specifically comprises:
The optical network unit provides the user authentication information to the optical line terminal on its own initiative;
The optical line terminal verifies the user authentication information;
If verification passes, authorization is granted and the identification information of the optical network unit is added to the authentication database.
6. The optical network unit authentication method according to claim 3 or 5, characterized in that the user authentication information is provided to the optical line terminal through at least one of the following input devices:
A prompt interface, an input keyboard, a bar code scanner, a magnetic card reader, a numeric keypad.
7. The optical network unit authentication method according to claim 3 or 5, characterized in that the user includes end users and maintenance personnel, and the authentication information is authentication information about the end user or about the maintenance personnel.
8. The optical network unit authentication method according to claim 3 or 5, characterized in that, in a Gigabit-capable Passive Optical Network system, the channel over which the optical network unit and the optical line terminal exchange authorization information comprises at least one of the following: the physical layer operations, administration and maintenance channel, the optical network terminal management and control interface; in an Ethernet passive optical network system, the channel over which the optical network unit and the optical line terminal exchange authorization information is the Ethernet passive optical network operation, administration and maintenance channel.
9. The optical network unit authentication method according to claim 1, characterized in that adding the identification information to the authentication database specifically comprises:
The identification information is added to the authentication database and associated with the authentication information;
Any existing identification information associated with the authentication information is deleted from the authentication database.
10. The optical network unit authentication method according to claim 1, characterized in that it further comprises:
If authorization fails, the identification information is refused entry into the authentication database, so that access by the optical network unit is prohibited.
CNA2008100910571A 2008-04-11 2008-04-11 ONU certificate method for PON system Pending CN101557288A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2008100910571A CN101557288A (en) 2008-04-11 2008-04-11 ONU certificate method for PON system

Publications (1)

Publication Number Publication Date
CN101557288A true CN101557288A (en) 2009-10-14

Family

ID=41175242

Country Status (1)

Country Link
CN (1) CN101557288A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20091014