Authentication method and apparatus in EPON
First Claim
1. An authentication method in an Ethernet passive optical network (EPON) comprising the steps of:
- (A) causing an optical line terminal (OLT) to receive, from an optical network unit (ONU), a packet informing of the start of an authentication process, and, responsive to that receipt, controlling the OLT to transmit, to the ONU, a packet for requesting an identifier of the ONU;
(B) causing the OLT to receive from the ONU the identifier and to compare the identifier to a previously stored value to determine whether the identifier corresponds to the previously stored value;
(C) transmitting an authentication success packet to the ONU when it is determined at the step (B) that the correspondence exists;
(D) transmitting an authentication failure packet to the ONU when it is determined at the step (B) that the correspondence does not exist; and
(E) after completion of the step (C) or (D), controlling the OLT to inform the ONU that an authentication process has ended.
1 Assignment
0 Petitions
Accused Products
Abstract
Based on link security method to be discussed in IEEE (Institute of Electrical and Electronics Engineers) 802, for which standardization is to progress while centering on IEEE 802.3 and 802.1d, provided is an authentication method capable of allowing an OLT to implement functions of a RADIUS server to authenticate ONUs. An MD-5 algorithm, adapted to be used between the OLT and the RADIUS server, in accordance with its use between the OLT and the ONUs, is simplified so that it is usable in an EPON architecture. A computer-readable recording medium recorded with a program implements the authentication method. The authentication method includes the step of sending a start code from an optical network unit (ONU) to an optical line terminal (OLT). The ONU receives in response a request for an identifier of the ONU. From the ONU'"'"'s response that includes the identifier, the OLT determines whether the authentication succeeds or fails and sends the respective message to the ONU, as well as an additional message informing the ONU that the authentication process has terminated.
-
Citations
20 Claims
-
1. An authentication method in an Ethernet passive optical network (EPON) comprising the steps of:
-
(A) causing an optical line terminal (OLT) to receive, from an optical network unit (ONU), a packet informing of the start of an authentication process, and, responsive to that receipt, controlling the OLT to transmit, to the ONU, a packet for requesting an identifier of the ONU;
(B) causing the OLT to receive from the ONU the identifier and to compare the identifier to a previously stored value to determine whether the identifier corresponds to the previously stored value;
(C) transmitting an authentication success packet to the ONU when it is determined at the step (B) that the correspondence exists;
(D) transmitting an authentication failure packet to the ONU when it is determined at the step (B) that the correspondence does not exist; and
(E) after completion of the step (C) or (D), controlling the OLT to inform the ONU that an authentication process has ended. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An authentication method in an Ethernet passive optical network (EPON) comprising the steps of:
-
(A) controlling an optical network unit (ONU) to transmit, to an optical line terminal (OLT), a packet informing of the start of an authentication process, and causing the ONU to receive, from the OLT, a packet for requesting an identifier of the ONU;
(B) controlling the ONU to transmit to the OLT the identifier of the ONU;
(C) receiving at the ONU an authentication success packet in response to transmission of the authentication success packet when it is determined that a correspondence exists between the identifier and a value previously stored in the OLT, and proceeding with processing at the ONU based on that determination;
(D) receiving at the ONU an authentication success packet in response to transmission of the authentication failure packet when it is determined that the correspondence does not exist, and proceeding with processing at the ONU based on the determination that the correspondence does not exist; and
(E)causing the ONU to receive, from the OLT, a packet informing that an authentication process has ended, the informing packet being sent as a result of said determination of the step (C) or (D). - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. An authentication apparatus in an Ethernet passive optical network (EPON) comprising:
-
a bus interface for inputting data from an external router, and outputting data to the external router;
a control unit for receiving an OAM (Operation, Administration and Maintenance) packet in accordance with an authentication process and to control data services for an optical network unit (ONU); and
a downstream unit for switching data received via the bus interface under control of the control unit. - View Dependent Claims (14)
-
-
15. A computer-readable recording medium having, recorded within, a program executable by a processor of an optical line terminal (OLT) of an Ethernet passive optical network (EPON), the program comprising:
-
(A) instructions which, when executed by said processor, cause the OLT to receive, from an optical network unit (ONU), a packet informing of the start of an authentication process, and, responsive to that receipt, controlling the OLT to transmit, to the ONU, a packet for requesting an identifier of the ONU;
(B) instructions which, when executed by said processor, cause the OLT to receive from the ONU the identifier and to compare the identifier to a previously stored value to determine whether the identifier corresponds to the previously stored value;
(C) instructions which, when executed by said processor, cause transmission of an authentication success packet to the ONU when it is determined that the correspondence exists;
(D) instructions which, when executed by said processor, cause transmission of an authentication failure packet to the ONU when it is determined that the correspondence does not exist; and
(E) instructions which, when executed by said processor, control the OLT to inform, after execution of the (C) instructions or the (D) instructions, the ONU that an authentication process has ended. - View Dependent Claims (16, 17)
-
-
18. A computer-readable recording medium having, recorded within, a program executable by a processor of an optical network unit (ONU) of an Ethernet passive optical network (EPON), the program comprising:
-
(A) instructions which, when executed by said processor, control the ONU to transmit, to an optical line terminal (OLT), a packet informing of the start of an authentication process, and cause the ONU to receive, from the OLT, a packet for requesting an identifier of the ONU;
(B) instructions which, when executed by said processor, control the ONU to transmit to the OLT the identifier of the ONU;
(C) instructions which, when executed by said processor, cause the ONU to receive an authentication success packet in response to transmission of the authentication success packet when it is determined that a correspondence exists between the identifier and a value previously stored in the OLT, and to proceed with processing at the ONU based on that determination;
(D) instructions which, when executed by said processor, cause the ONU to receive an authentication failure packet when it is determined that the correspondence does not exist, and to proceed with processing at the ONU based on the determination that the correspondence does not exist; and
(E) instructions which, when executed by said processor, cause the ONU to receive, from the OLT, a packet informing that an authentication process has ended, the informing being sent as a result of the determination that the correspondence does or does not exist. - View Dependent Claims (19, 20)
-
Specification