WO2009089708A1 - Passive optical network system, optical line terminal, and method for generating and authenticating authentication information - Google Patents

Passive optical network system, optical line terminal, and method for generating and authenticating authentication information

Info

Publication number
WO2009089708A1
Authority
WO
WIPO (PCT)
Prior art keywords
ranging
authentication
information
line terminal
optical line
Prior art date
Application number
PCT/CN2008/073409
Other languages
English (en)
Chinese (zh)
Inventor
Junling Hu
Peilong Tan
Original Assignee
Shenzhen Huawei Communication Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Huawei Communication Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J3/00 Time-division multiplex systems
    • H04J3/16 Time-division multiplex systems in which the time allocation to individual channels within a transmission cycle is variable, e.g. to accommodate varying complexity of signals, to vary number of channels transmitted
    • H04J3/1694 Allocation of channels in TDM/TDMA networks, e.g. distributed multiplexers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q11/0067 Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q2011/0088 Signalling aspects

Definitions

  • The present invention relates to the field of passive optical network (PON) technology. More specifically, it relates to a passive optical network system, an optical line terminal, and an authentication information generation and authentication method.
  • Background
  • A PON usually includes an optical line termination (OLT) at a central office; a series of user equipments located at the customer premises, usually optical network units or optical network terminations (ONU/ONT); and an optical distribution network (ODN) between the OLT and the customer equipment, composed of optical fiber and passive optical splitters or couplers.
  • The essential feature is that the ODN is composed entirely of passive components.
  • The passive optical splitters and couplers only transmit and limit light; they need no power supply, perform no information processing, and have an unrestricted mean time between failures.
  • The passive nature of the network makes deployment more flexible, with no need for an equipment room or power supply; the shared optical fiber saves a large amount of fiber resources, which lowers the line cost of the access network; and the purely optical medium, a transparent optical fiber broadband network, keeps the technology secure for future business expansion.
  • The operator wants to limit the scope of use of the user equipment. That is, unless the relocation procedure is performed, user equipment used under one port of the PON cannot be migrated to another port for use.
  • In the current PON system it is difficult to perform line binding as is done for Digital Subscriber Line (DSL).
  • the OLT is very hard to detect.
  • The prior art uses the ranging function unique to the PON to identify the user equipment.
  • The ranging function provided by the PON measures the distance between the user equipment and the central-office OLT device through an exchange of the related packets. In general, the error is around 3-10 meters. This distance is proportional to the round trip time (RTT) of the client device.
  • the authentication information of the end device is bound as fixed identification information of the user.
  • the central-office OLT device can discover that the RTT value of the user's current login is inconsistent with the previously bound RTT value. On that basis, the login can be denied, or an alarm can be generated to alert maintenance personnel, protecting the network usage rights of the legitimate user.
  • The above solution requires each branch of the PON to be different in length; for example, the minimum gap between branches may be required to be about 10 m, which complicates the wiring engineering.
  • The technical problem to be solved by the embodiments of the present invention is to provide a passive optical network system, an optical line terminal, and an authentication information generation and authentication method, so that the PON client device can be bound to a line while the wiring process stays relatively simple.
  • a method for generating authentication information including:
  • An authentication method including:
  • An optical line terminal includes:
  • a ranging execution unit configured to perform ranging between the user equipment and the optical line terminal
  • a ranging authentication information generating unit configured to generate, when ranging authentication information is to be generated, ranging authentication information between the user equipment and the optical line terminal according to the results of multiple rangings performed by the ranging execution unit;
  • a ranging authentication decision information generating unit configured to generate, when an authentication decision is initiated, ranging authentication decision information between the user equipment and the optical line terminal according to the authentication decision ranging result of the round-trip ranging performed by the ranging execution unit;
  • an authentication decision unit configured to compare the ranging authentication decision information generated by the ranging authentication decision information generating unit with the ranging authentication information stored by the authentication information storage unit to determine an authentication result.
  • a passive optical network system comprising: a client equipment and an optical line terminal, wherein the optical line terminal comprises:
  • a ranging execution unit configured to perform ranging between the user equipment and the optical line terminal
  • a ranging authentication information generating unit configured to generate, when ranging authentication information is to be generated, ranging authentication information between the user equipment and the optical line terminal according to the results of multiple rangings performed by the ranging execution unit;
  • a ranging authentication decision information generating unit configured to generate, when an authentication decision is initiated, ranging authentication decision information between the user equipment and the optical line terminal according to the authentication decision ranging result of the round-trip ranging performed by the ranging execution unit;
  • an authentication decision unit configured to compare the ranging authentication decision information generated by the ranging authentication decision information generating unit with the ranging authentication information stored by the authentication information storage unit to determine an authentication result.
  • The PON client device and the line can be bound. When the bound user equipment is authenticated, round-trip multiple ranging is performed between the user equipment and the optical line terminal to obtain a round-trip multiple authentication decision ranging result; ranging authentication decision information between the user equipment and the optical line terminal is generated according to that result; finally, the ranging authentication decision information is compared with the ranging authentication information to determine an authentication result.
  • FIG. 1 is a flowchart of an authentication method according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of an embodiment of a passive optical network system according to an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of an embodiment of an authentication decision unit in the user equipment shown in FIG.
  • Detailed description
  • the figure is a main flowchart of an authentication method according to an embodiment of the present invention.
  • Binding the PON client device to the line depends on the authentication process between each branch line and the OLT, which includes the following steps:
  • Step S101: Perform round-trip multiple ranging between the optical network terminal and the optical line terminal, and obtain a round-trip multiple authentication decision ranging result.
  • The authentication decision ranging result may be the distances of the multiple round trips, or may be the round trip times of the multiple round trips;
  • Step S102: Generate ranging authentication decision information between the optical network terminal and the optical line terminal according to the round-trip multiple authentication decision ranging result, such that the difference in distance between the optical network terminal and the optical line terminal is amplified. A function operation is performed on the authentication decision ranging result to expand the line length difference, for example adding or multiplying the round-trip multiple authentication decision ranging results. The ranging authentication decision information may be distance authentication information of the round-trip multiple ranging, or round trip time information of the round-trip multiple ranging;
  • the specific implementation may include:
  • the ranging authentication information is ranging authentication information that is differentiated and amplified by a distance between the user equipment and the optical line terminal.
  • the ranging authentication information is distance authentication information for round trip multiple ranging;
  • the secondary authentication ranging result is a round trip time of round trip multiple ranging, and the ranging authentication information is round trip time authentication information of round trip multiple ranging.
  • Step S104: Compare the ranging authentication decision information with the ranging authentication information to determine an authentication result. In a specific implementation, for example: compare the ranging authentication decision information with the ranging authentication information and determine whether the comparison result is within the authentication range; if yes, the authentication is determined to have passed, and if no, it is determined to have failed.
  • The authentication information may be obtained by multiple ranging when the user equipment first logs in, for example after the ONT's account is opened, or by multiple ranging when the user equipment, for example the ONT, comes online later (not the first time after the account is opened).
  • The number of rangings used for the ranging authentication information and for the ranging authentication decision information is preferably the same, to keep the error small.
  • FIG. 2 is a schematic structural diagram of a passive optical network system according to an embodiment of the present invention.
  • the passive optical network system of the present embodiment mainly includes: a user equipment 1 and an optical line terminal 2, wherein the user equipment 1 may be an optical network terminal or an optical network unit;
  • the optical line terminal 2 in this embodiment may include:
  • the ranging execution unit 21 is configured to perform ranging between the user equipment and the optical line terminal;
  • the ranging authentication information generating unit 22 is configured to generate, when ranging authentication information is to be generated, ranging authentication information between the user equipment and the optical line terminal according to the results of multiple rangings performed by the ranging execution unit; for example, as described above, the ranging authentication information may be ranging authentication information that has undergone distance difference amplification between the user equipment and the optical line terminal;
  • the authentication information storage unit 23 is configured to store the distance-differentiated ranging authentication information between the user equipment and the optical line terminal;
  • the ranging authentication decision information generating unit 24 is configured to generate, when an authentication decision is initiated, distance-differentiated ranging authentication decision information between the user equipment and the optical line terminal according to the authentication decision ranging result of the round-trip multiple ranging performed by the ranging execution unit 21; for example, as described above, the ranging authentication decision information may be ranging authentication decision information that has undergone distance difference amplification between the user equipment and the optical line terminal;
  • the authentication decision unit 25 is configured to compare the ranging authentication decision information generated by the ranging authentication decision information generating unit 24 with the ranging authentication information stored by the authentication information storage unit 23 to determine an authentication result.
  • A specific embodiment of the authentication decision unit 25 can include:
  • the comparing unit 251 is configured to compare the ranging authentication decision information with the ranging authentication information;
  • the determining unit 252 is configured to determine whether the comparison result is within the authentication range. If yes, the authentication is determined to have passed. Otherwise, the authentication is determined to have failed; going online can be rejected, or an alarm log can be generated and maintenance personnel prompted to confirm and handle it, and so on, which is not detailed further here.
  • The ranging authentication decision information generated by the ranging authentication decision information generating unit 24 may be distance authentication decision information of round-trip multiple ranging.
  • The ranging authentication decision information generated by the ranging authentication decision information generating unit 24 may be round trip time authentication decision information of round-trip multiple ranging.
  • the passive optical network system, the optical line terminal, the authentication information generation and the authentication method of the embodiment can be used to bind the PON client device and the line, and when the user equipment is authenticated, the user terminal is authenticated.
  • obtaining the distance-authenticated ranging authentication information of the pre-stored user equipment and the optical line terminal and finally comparing the ranging authentication decision information with the ranging authentication information to determine an authentication result.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
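
The authentication flow of steps S101 to S104 above, sketched as an added Python example (not code from the patent or from any OLT implementation). The names, the nanosecond unit, the constructed RTT samples and the `auth_range_ns` tolerance are assumptions; addition is used as the amplification function, one of the two operations the description names.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Sequence, Tuple


class Decision(Enum):
    PASS = "pass"
    REJECT = "reject"  # deny the login or raise an alarm for maintenance staff


@dataclass(frozen=True)
class Binding:
    """Ranging authentication information the OLT stores for one ONT."""
    ont_id: str            # hypothetical identifier for the user equipment
    rounds: int            # number of rangings behind the stored value
    amplified_rtt_ns: int  # amplified round trip time, nanoseconds


def amplify(rtts_ns: Sequence[int]) -> int:
    """Amplify the line-length difference by adding the ranging results.

    A per-ranging RTT gap d between two branches becomes rounds * d, while
    independent measurement jitter grows only about sqrt(rounds).
    """
    if not rtts_ns:
        raise ValueError("at least one ranging result is required")
    return sum(rtts_ns)


def enroll(ont_id: str, rtts_ns: Sequence[int]) -> Binding:
    """Generate the ranging authentication information to be stored."""
    return Binding(ont_id, len(rtts_ns), amplify(rtts_ns))


def authenticate(binding: Binding, rtts_ns: Sequence[int],
                 auth_range_ns: int) -> Tuple[Decision, Optional[int]]:
    """Steps S101-S104: range, amplify, fetch the stored value, compare."""
    # Sums over different round counts are not comparable: reject instead of
    # guessing (the description prefers the same count on both sides).
    if len(rtts_ns) != binding.rounds:
        return Decision.REJECT, None
    delta = abs(amplify(rtts_ns) - binding.amplified_rtt_ns)
    verdict = Decision.PASS if delta <= auth_range_ns else Decision.REJECT
    return verdict, delta


# Constructed sample RTTs in nanoseconds, not measurements from a real PON.
ENROLLED = [100010, 99990, 100020, 99985, 100005, 99995, 100015, 99980]
SAME_LINE = [99995, 100012, 99988, 100007, 100018, 99982, 100003, 99999]
# Same ONT moved to a branch with 20 ns more RTT: about 2 m of fibre, assuming
# roughly 5 ns per metre one way, i.e. below the 3-10 m single-ranging error.
MOVED = [rtt + 20 for rtt in SAME_LINE]

if __name__ == "__main__":
    stored = enroll("ONT-EXAMPLE-01", ENROLLED)
    print(authenticate(stored, SAME_LINE, auth_range_ns=60))   # same line
    print(authenticate(stored, MOVED, auth_range_ns=60))       # relocated
    # One ranging only: the 20 ns shift hides inside a 30 ns range.
    single = enroll("ONT-EXAMPLE-01", ENROLLED[:1])
    print(authenticate(single, MOVED[:1], auth_range_ns=30))
```

The authentication range is expressed in amplified units, so it has to be chosen for the number of rangings actually used.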

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Optical Communication System (AREA)

Abstract

The embodiment of the present invention relates to a passive optical network system, an optical line terminal, and a method for generating and authenticating authentication information. The authentication method consists of performing round-trip multiple ranging between a subscriber-end device and an optical line terminal and obtaining a round-trip multiple authentication decision ranging result; generating the ranging authentication decision information between the subscriber-end device and the optical line terminal according to the round-trip multiple authentication decision ranging result; then obtaining the ranging authentication information between the subscriber-end device and the optical line terminal, which is stored in advance; and finally comparing the ranging authentication decision information with the ranging authentication information to confirm the authentication result. According to an embodiment of the present invention, increasing the difference corresponding to the value obtained by round-trip multiple ranging avoids having to ensure a minimum offset between the branch line lengths of the optical line terminal, which simplifies line configuration.
PCT/CN2008/073409 2007-12-19 2008-12-10 Passive optical network system, optical line terminal, and method for generating and authenticating authentication information WO2009089708A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710032704.7 2007-12-19
CNA2007100327047A CN101465694A (zh) 2007-12-19 2007-12-19 Passive optical network system, optical line terminal, authentication information generation and authentication method

Publications (1)

Publication Number Publication Date
WO2009089708A1 (fr) 2009-07-23

Family

ID=40806076

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073409 WO2009089708A1 (fr) 2007-12-19 2008-12-10 Passive optical network system, optical line terminal, and method for generating and authenticating authentication information

Country Status (2)

Country Link
CN (1) CN101465694A (fr)
WO (1) WO2009089708A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
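CN102082977B (zh) * 2009-12-01 2014-03-05 China Telecom Corporation Limited Authentication method and system for optical network unit
CN113993013B (zh) * 2021-11-19 2022-09-16 Beijing University of Posts and Telecommunications PON identity authentication method based on optical fiber channel characteristics and neural network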

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020060823A1 (en) * 2000-10-24 2002-05-23 Nec Corporation Optical subscriber system and transmission line distance monitoring method
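CN1383276A (zh) * 2001-04-25 2002-12-04 Huawei Technologies Co., Ltd. Method for implementing ranging in ATM passive optical network
CN1855813A (zh) * 2005-04-27 2006-11-01 Huawei Technologies Co., Ltd. Method and device for implementing authentication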

Also Published As

Publication number Publication date
CN101465694A (zh) 2009-06-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08870625

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08870625

Country of ref document: EP

Kind code of ref document: A1