Optical networks can have thousands of network elements. Administering (or managing) who has authority to access any particular network element can be a daunting task in large networks. For example, when an individual's employment status changes, that individual needs to be given authority to access certain network elements, e.g., in the case of a new hire, or to have his authority revoked, e.g., in the case of terminated employment. In some prior art systems, to accommodate each status change of an individual, a network administrator needs to access each affected network element and update that individual's account on that device (i.e., to add or revoke it). The large number of network elements renders this process effectively prohibitive, and so it is typically not done. For individuals who are terminating employment, failing to revoke authorization leaves a security gap in the network.
To avoid having to update each network element for each change in status, one technique is to create a set of default accounts on each network element. Passwords for these accounts are distributed only to individuals who require authorization. The passwords are then changed regularly, and the new passwords are distributed only to those who remain authorized. Thus, authority is effectively revoked from individuals who do not receive a new password. This technique, too, has security failings. For one, distributing the passwords makes them known to many individuals, and further, such passwords are often readily guessable. An additional disadvantage is that, because various individuals share the password, uncertainty exists as to who actually logged on to a particular network element and performed certain activities while logged on. Thus, there is a need for a secure and non-repudiable system and method for managing access to, and granting privileges on, particular network elements.