Authentication method and apparatus in EPON

US 20040179521A1
Filed: 01/23/2004
Published: 09/16/2004
Est. Priority Date: 03/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. An authentication method in an Ethernet passive optical network (EPON) comprising the steps of:

(A) causing an optical line terminal (OLT) to receive, from an optical network unit (ONU), a packet informing of the start of an authentication process, and, responsive to that receipt, controlling the OLT to transmit, to the ONU, a packet for requesting an identifier of the ONU;

(B) causing the OLT to receive from the ONU the identifier and to compare the identifier to a previously stored value to determine whether the identifier corresponds to the previously stored value;

(C) transmitting an authentication success packet to the ONU when it is determined at the step (B) that the correspondence exists;

(D) transmitting an authentication failure packet to the ONU when it is determined at the step (B) that the correspondence does not exist; and

(E) after completion of the step (C) or (D), controlling the OLT to inform the ONU that an authentication process has ended.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Based on link security method to be discussed in IEEE (Institute of Electrical and Electronics Engineers) 802, for which standardization is to progress while centering on IEEE 802.3 and 802.1d, provided is an authentication method capable of allowing an OLT to implement functions of a RADIUS server to authenticate ONUs. An MD-5 algorithm, adapted to be used between the OLT and the RADIUS server, in accordance with its use between the OLT and the ONUs, is simplified so that it is usable in an EPON architecture. A computer-readable recording medium recorded with a program implements the authentication method. The authentication method includes the step of sending a start code from an optical network unit (ONU) to an optical line terminal (OLT). The ONU receives in response a request for an identifier of the ONU. From the ONU'"'"'s response that includes the identifier, the OLT determines whether the authentication succeeds or fails and sends the respective message to the ONU, as well as an additional message informing the ONU that the authentication process has terminated.

Citations

20 Claims

1. An authentication method in an Ethernet passive optical network (EPON) comprising the steps of:
- (A) causing an optical line terminal (OLT) to receive, from an optical network unit (ONU), a packet informing of the start of an authentication process, and, responsive to that receipt, controlling the OLT to transmit, to the ONU, a packet for requesting an identifier of the ONU;
  
  (B) causing the OLT to receive from the ONU the identifier and to compare the identifier to a previously stored value to determine whether the identifier corresponds to the previously stored value;
  
  (C) transmitting an authentication success packet to the ONU when it is determined at the step (B) that the correspondence exists;
  
  (D) transmitting an authentication failure packet to the ONU when it is determined at the step (B) that the correspondence does not exist; and
  
  (E) after completion of the step (C) or (D), controlling the OLT to inform the ONU that an authentication process has ended.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The authentication method according to claim 1, wherein the identifier of the ONU is a username.
  - 3. The authentication method according to claim 2, wherein each of the packets used in the authentication method includes:
    - a destination address (DA) field for indicating a destination of the packet;
      
      a source address (SA) field for indicating a source of the packet;
      
      a logical link identifier (LLID) field for indicating an LLID;
      
      a type field for indicating an Ethertype of the packet;
      
      a sub-type field for identifying the packet when its type field is identical to those of other packets;
      
      a version field for indicating version information of the packet;
      
      a code field for indicating an authentication operation based on the packet;
      
      a data/protocol data unit (PDU) field for indicating data of the packet; and
      
      a frame check sequence (FCS) field for indicating FCS information for detecting errors of a frame, corresponding to the packet, included in information to be transmitted in the unit of frames, the FCS information being arranged at a tail end of the frame.
  - 4. The authentication method according to claim 3, wherein the code field includes:
    - a value “
      
      0×
      
      00”
      
      for indicating start of an authentication process;
      
      a value “
      
      0×
      
      01”
      
      for indicating a request for authentication contents;
      
      a value “
      
      0×
      
      02”
      
      for indicating transmission of authentication contents;
      
      a value “
      
      0×
      
      03”
      
      for indicating the end of an authentication process;
      
      a value “
      
      0×
      
      04”
      
      for indicating authentication success; and
      
      a value “
      
      0×
      
      05”
      
      for indicating authentication failure.
  - 5. The authentication method according to claim 1, wherein each of the packets used in the authentication method includes:
    - a destination address (DA) field for indicating a destination of the packet;
      
      a source address (SA) field for indicating a source of the packet;
      
      a logical link identifier (LLID) field for indicating an LLID;
      
      a type field for indicating an Ethertype of the packet;
      
      a sub-type field for identifying the packet when its type field is identical to those of other packets;
      
      a version field for indicating version information of the packet;
      
      a code field for indicating an authentication operation based on the packet;
      
      a data/protocol data unit (PDU) field for indicating data of the packet; and
      
      a frame check sequence (FCS) field for indicating FCS information for detecting errors of a frame, corresponding to the packet, included in information to be transmitted in the unit of frames, the FCS information being arranged at a tail end of the frame.
  - 6. The authentication method according to claim 5, wherein the code field includes:
    - a value “
      
      0×
      
      00”
      
      for indicating start of an authentication process;
      
      a value “
      
      0×
      
      01”
      
      for indicating a request for authentication contents;
      
      a value “
      
      0×
      
      02”
      
      for indicating transmission of authentication contents;
      
      a value “
      
      0×
      
      03”
      
      for indicating the end of an authentication process;
      
      a value “
      
      0×
      
      04”
      
      for indicating authentication success; and
      
      a value “
      
      0×
      
      05”
      
      for indicating authentication failure.

7. An authentication method in an Ethernet passive optical network (EPON) comprising the steps of:
- (A) controlling an optical network unit (ONU) to transmit, to an optical line terminal (OLT), a packet informing of the start of an authentication process, and causing the ONU to receive, from the OLT, a packet for requesting an identifier of the ONU;
  
  (B) controlling the ONU to transmit to the OLT the identifier of the ONU;
  
  (C) receiving at the ONU an authentication success packet in response to transmission of the authentication success packet when it is determined that a correspondence exists between the identifier and a value previously stored in the OLT, and proceeding with processing at the ONU based on that determination;
  
  (D) receiving at the ONU an authentication success packet in response to transmission of the authentication failure packet when it is determined that the correspondence does not exist, and proceeding with processing at the ONU based on the determination that the correspondence does not exist; and
  
  (E)causing the ONU to receive, from the OLT, a packet informing that an authentication process has ended, the informing packet being sent as a result of said determination of the step (C) or (D).
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The authentication method according to claim 7, wherein the identifier of the ONU is a username.
  - 9. The authentication method according to claim 8, wherein each of the packets used in the authentication method includes:
    - a destination address (DA) field for indicating a destination of the packet;
      
      a source address (SA) field for indicating a source of the packet;
      
      a logical link identifier (LLID) field for indicating an LLID;
      
      a type field for indicating an Ethertype of the packet;
      
      a sub-type field for identifying the packet when its type field is identical to those of other packets;
      
      a version field for indicating version information of the packet;
      
      a code field for indicating an authentication operation based on the packet;
      
      a data/protocol data unit (PDU) field for indicating data of the packet; and
      
      an frame check sequence (FCS) field for indicating FCS information for detecting errors of a frame, corresponding to the packet, included in information to be transmitted in the unit of frames, the FCS information being arranged at a tail end of the frame.
  - 10. The authentication method according to claim 9, wherein the code field includes:
    - a value “
      
      0×
      
      00”
      
      for indicating start of an authentication process;
      
      a value “
      
      0×
      
      01”
      
      for indicating a request for authentication contents;
      
      a value “
      
      0×
      
      02”
      
      for indicating transmission of authentication contents;
      
      a value “
      
      0×
      
      03”
      
      for indicating an end of an authentication process;
      
      a value “
      
      0×
      
      04”
      
      for indicating authentication success; and
      
      a value “
      
      0×
      
      05”
      
      for indicating authentication failure.
  - 11. The authentication method according to claim 7, wherein each of the packets used in the authentication method includes:
    - a destination address (DA) field for indicating a destination of the packet;
      
      a source address (SA) field for indicating a source of the packet;
      
      a logical link identifier (LLID) field for indicating an LLID;
      
      a type field for indicating an Ethertype of the packet;
      
      a sub-type field for identifying the packet when its type field is identical to those of other packets;
      
      a version field for indicating version information of the packet;
      
      a code field for indicating an authentication operation based on the packet;
      
      a data/protocol data unit (PDU) field for indicating data of the packet; and
      
      an frame check sequence (FCS) field for indicating FCS information for detecting errors of a frame, corresponding to the packet, included in information to be transmitted in the unit of frames, the FCS information being arranged at a tail end of the frame.
  - 12. The authentication method according to claim 11, wherein the code field includes:
    - a value “
      
      0×
      
      00”
      
      for indicating start of an authentication process;
      
      a value “
      
      0×
      
      01”
      
      for indicating a request for authentication contents;
      
      a value “
      
      0×
      
      02”
      
      for indicating transmission of authentication contents;
      
      a value “
      
      0×
      
      03”
      
      for indicating an end of an authentication process;
      
      a value “
      
      0×
      
      04”
      
      for indicating authentication success; and
      
      a value “
      
      0×
      
      05”
      
      for indicating authentication failure.

13. An authentication apparatus in an Ethernet passive optical network (EPON) comprising:
- a bus interface for inputting data from an external router, and outputting data to the external router;
  
  a control unit for receiving an OAM (Operation, Administration and Maintenance) packet in accordance with an authentication process and to control data services for an optical network unit (ONU); and
  
  a downstream unit for switching data received via the bus interface under control of the control unit.
- View Dependent Claims (14)
- - 14. The authentication apparatus according to claim 13, wherein the control unit controls a switching operation of a downstream port included in the downstream unit, based on the received OAM packet, a logical link ID (LLID) and an ACT (Authentication Control Table) and according to an ALTM (Address Lookup Table Management) protocol.

15. A computer-readable recording medium having, recorded within, a program executable by a processor of an optical line terminal (OLT) of an Ethernet passive optical network (EPON), the program comprising:
- (A) instructions which, when executed by said processor, cause the OLT to receive, from an optical network unit (ONU), a packet informing of the start of an authentication process, and, responsive to that receipt, controlling the OLT to transmit, to the ONU, a packet for requesting an identifier of the ONU;
  
  (B) instructions which, when executed by said processor, cause the OLT to receive from the ONU the identifier and to compare the identifier to a previously stored value to determine whether the identifier corresponds to the previously stored value;
  
  (C) instructions which, when executed by said processor, cause transmission of an authentication success packet to the ONU when it is determined that the correspondence exists;
  
  (D) instructions which, when executed by said processor, cause transmission of an authentication failure packet to the ONU when it is determined that the correspondence does not exist; and
  
  (E) instructions which, when executed by said processor, control the OLT to inform, after execution of the (C) instructions or the (D) instructions, the ONU that an authentication process has ended.
- View Dependent Claims (16, 17)
- - 16. The medium according to claim 15, wherein the identifier of the ONU is a username.
  - 17. The medium according to claim 16, wherein each of the packets used in the authentication method includes:
    - a destination address (DA) field for indicating a destination of the packet;
      
      a source address (SA) field for indicating a source of the packet;
      
      a logical link identifier (LLID) field for indicating an LLID;
      
      a type field for indicating an Ethertype of the packet;
      
      a sub-type field for identifying the packet when its type field is identical to those of other packets;
      
      a version field for indicating version information of the packet;
      
      a code field for indicating an authentication operation based on the packet;
      
      a data/protocol data unit (PDU) field for indicating data of the packet; and
      
      a frame check sequence (FCS) field for indicating FCS information for detecting errors of a frame, corresponding to the packet, included in information to be transmitted in the unit of frames, the FCS information being arranged at a tail end of the frame.

18. A computer-readable recording medium having, recorded within, a program executable by a processor of an optical network unit (ONU) of an Ethernet passive optical network (EPON), the program comprising:
- (A) instructions which, when executed by said processor, control the ONU to transmit, to an optical line terminal (OLT), a packet informing of the start of an authentication process, and cause the ONU to receive, from the OLT, a packet for requesting an identifier of the ONU;
  
  (B) instructions which, when executed by said processor, control the ONU to transmit to the OLT the identifier of the ONU;
  
  (C) instructions which, when executed by said processor, cause the ONU to receive an authentication success packet in response to transmission of the authentication success packet when it is determined that a correspondence exists between the identifier and a value previously stored in the OLT, and to proceed with processing at the ONU based on that determination;
  
  (D) instructions which, when executed by said processor, cause the ONU to receive an authentication failure packet when it is determined that the correspondence does not exist, and to proceed with processing at the ONU based on the determination that the correspondence does not exist; and
  
  (E) instructions which, when executed by said processor, cause the ONU to receive, from the OLT, a packet informing that an authentication process has ended, the informing being sent as a result of the determination that the correspondence does or does not exist.
- View Dependent Claims (19, 20)
- - 19. The medium according to claim 18, wherein the identifier of the ONU is a username.
  - 20. The medium according to claim 19, wherein each of the packets used in the authentication method includes:
    - a destination address (DA) field for indicating a destination of the packet;
      
      a source address (SA) field for indicating a source of the packet;
      
      a logical link identifier (LLID) field for indicating an LLID;
      
      a type field for indicating an Ethertype of the packet;
      
      a sub-type field for identifying the packet when its type field is identical to those of other packets;
      
      a version field for indicating version information of the packet;
      
      a code field for indicating an authentication operation based on the packet;
      
      a data/protocol data unit (PDU) field for indicating data of the packet; and
      
      a frame check sequence (FCS) field for indicating FCS information for detecting errors of a frame, corresponding to the packet, included in information to be transmitted in the unit of frames, the FCS information being arranged at a tail end of the frame.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Kim, Young-Seok, Oh, Yun-Je, Kim, Su-Hyung

Application Number

US10/763,872
Publication Number

US 20040179521A1
Time in Patent Office

Days
Field of Search
US Class Current

370/384
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/162   at the data link layer

H04Q 11/0067   Provisions for optical acce...

H04Q 2011/0079   Operation or maintenance as...

Authentication method and apparatus in EPON

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method and apparatus in EPON

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links