In a PON, one PON port corresponds to a plurality of optical network units (ONUs), which are the PON terminal users. Moreover, in the downlink, each ONU is able to receive all the data sent from the office-side Optical Line Terminal (OLT), and "each ONU" mentioned here might be a legal user or a malicious user:
A legal user is a user who has legal registration information and who, after physically connecting to a certain branch optical fiber of the PON, can be activated by exchanging messages with the OLT;
A malicious user is a user who does not have legal registration information and who, after physically connecting to a certain branch optical fiber of the PON, ignores the registration request sent from the OLT and only receives the downlink information.
If it is a legal user, then after physically connecting to a branch optical fiber and before being activated successfully, it can still receive the various plaintext data packets sent from the OLT PON port. To date, the PON techniques define some encryption mechanisms, such as the Advanced Encryption Standard (AES) encryption mechanism in the Gigabit-Capable Passive Optical Network (GPON) system, or the stirring encryption mechanism and the triple stirring encryption mechanism in the Ethernet Passive Optical Network (EPON) system, and so on. These encryption mechanisms, however, are unicast encryption mechanisms. For multicast data (that is, only one copy of the service data is sent from the OLT PON port, and all users, or the part of the users who meet the requirements, receive and use the service data), there is no effective encryption mechanism right now. Generally, the operators set a universal key across the overall network to encrypt the services. The disadvantage is that once the key is acquired by a malicious user, all service content in the overall network will be decrypted and stolen.
The method currently applied by the operators in the PON is to duplicate the multicast service data packets to each PON port and the unicast channel of the ONU, and to apply the unicast mechanism to encrypt them, so as to protect the multicast service data from being stolen by malicious users. This method, however, requires sending the key to each ONU, which increases the burden on the OLT.