JP2003298571A - Encryption communication system, transmission apparatus, receiving apparatus, and multi-branching communication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encryption communication system wherein encryption is hardly decoded and to provide a transmission apparatus, a receiving apparatus, and a multi-branching communication system. <P>SOLUTION: An APON system comprises an OLT (Optical Line Termination) transmitter 101 for encrypting data and broadcasting the resulting data and a plurality of ONU (Optical Network Unit) transmitters 102 for receiving and decoding the encrypted data. An encryption section 129 of the OLT transmitter 101 respectively encrypts each range of divisions of transmitted data by using a plurality of encryption keys and a decoding section 132 of each ONU transmitter 102 respectively decodes each range of divisions of the received data by using a plurality of encryption keys. Through the configuration above, data can be encrypted by using a plurality of the encryption keys so as to hardly decode the encryption and enhance the security. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encrypted communication system, a transmitter, a receiver and a multi-branch communication system for encrypting and transmitting data.

[0002]

2. Description of the Related Art FIG. 983.
APON (ATM-PON (Asy
nchronous Transfer Mode-Pa
It is a figure which shows the structure of a (sive Optical Network)) system. In this APON system, an OLT transmission device 3 installed on the station side and a plurality of ONU transmission devices 4 installed on the subscriber side are connected via an optical coupler 5 and an optical fiber 6. The upstream signal from the ONU transmission device 4 to the OLT transmission device 3 is time-division multiplexed by the optical coupler 5 and is transmitted.
The downlink signal to the NU transmission device 4 is broadcasted. The upstream signal and the downstream signal are wavelength-multiplexed and transmitted in a common optical fiber.

In this way, the OLT transmitter 3 to the ONU
Since the downlink signal to the transmission device 4 is broadcast-transmitted, it is necessary to conceal the downlink signal to the specific ONU transmission device 4 from another ONU transmission device 4. In the APON system, the downlink signal is concealed by encrypting and transmitting the downlink signal.

FIG. 11 is a diagram showing a format of an ATM cell used for ATM data communication. ATM cells consist of overhead and payload parts. The payload portion further includes data and the like and a CRC operation code. The OLT transmission device 3 encrypts the payload portion excluding the overhead of the downlink signal using the encryption key generated in each ONU transmission device 4, and transmits it to each ONU transmission device 4. Each ONU transmission device 4 confirms from the overhead that it is an ATM cell addressed to its own ONU transmission device 4, and decrypts only the ATM cells addressed to its own ONU transmission device 4. Multiple O
Since the NU transmission device 4 uses mutually different encryption keys, another ONU transmission device 4 cannot decrypt the encryption and can conceal the data.

In addition to this, as prior art to the present invention,
JP-A-11-55245 and JP-A-9-252320
Etc.

[0006]

As described above, the conventional A
In the PON system, since each ONU transmission device 4 uses a single encryption key for encryption, there is a possibility that the encryption can be deciphered relatively easily.

For example, when an encryption key having a length of 14 bits is used, it is possible to identify the encryption key, that is, decrypt the encryption by trying decryption with up to 2 14 different encryption keys.

An object of the present invention is to provide an encrypted communication system, a transmission device, a reception device and a multi-branch communication system which are hard to break.

[0009]

SUMMARY OF THE INVENTION The present invention is an encrypted communication system comprising a transmitter for encrypting and transmitting data and a receiver for receiving and decrypting encrypted data, the transmitter comprising: Equipped with an encryption unit that encrypts each range that divides the data to be transmitted with multiple encryption keys,
The receiving device is characterized by including a decryption unit that decrypts each of the ranges obtained by dividing the received data with the plurality of encryption keys.

Further, in the encrypted communication system of the present invention, the receiving device includes an encryption control unit for instructing the decrypting unit of a plurality of encryption keys for decrypting the received data and for notifying the transmitting device. Includes an encryption control unit that instructs the encryption unit to use the plurality of encryption keys notified from the receiving device as encryption keys for encrypting data to be transmitted.

Further, in the encrypted communication system of the present invention, the encryption control unit of the transmission device instructs the encryption unit of each range in which the data to be transmitted is divided and notifies the reception device of the encryption control. The section instructs the decoding section to use each of the ranges notified from the transmission device as each of the ranges for decoding the received data.

Further, in the encrypted communication system of the present invention, the cipher control section of the receiving device instructs the deciphering section of each range into which the data to be transmitted is divided, and notifies the transmitting apparatus of the cipher control section of the transmitting device. Is characterized by instructing the encryption unit to each of the ranges notified from the receiving device as each range for encrypting the data to be transmitted.

Further, the present invention is a transmitter for encrypting and transmitting data, characterized by comprising an encryption section for encrypting each range in which the data to be transmitted is divided with a plurality of encryption keys. It is a thing.

Further, according to the present invention, there is provided a receiving device for receiving and decrypting encrypted data, which is provided with a decryption unit for decrypting each of the divided ranges of the received data with a plurality of encryption keys. It is what

Further, the present invention is a multi-branch communication system comprising a master station device for encrypting and transmitting data in a broadcast manner and a plurality of slave station devices for receiving and decrypting encrypted data, which is a master station device. Includes an encryption unit that encrypts each range into which the data to be transmitted is divided with a plurality of encryption keys, and the slave station device decrypts each range into which the received data is divided, with each of the plurality of encryption keys. It is characterized by including a decoding unit.

Further, the multi-branch communication system of the present invention is characterized in that the master station and the slave station are an OLT transmission apparatus and an ONU transmission apparatus defined in ITU-T Recommendation G983.1.

Further, in the multi-branching communication system of the present invention, a plurality of encryption keys generated in the ONU transmission device are OL-used by using the spare area of the new tuning key message.
The feature is that the T transmission device is notified.

In the multi-branch communication system of the present invention, the range of data to be encrypted with each encryption key is transferred from the OLT transmission device to the O area by using the spare area of the chain VP message.
The feature is that the NU transmission device is notified.

[0019]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiment 1. FIG. 1 is a configuration diagram of an APON system according to the first embodiment of the present invention.
The APON system described here is ITU-T G98
It is an extension of the APON system specified in 3.1. In FIG. 1, 101 is an OLT transmission device, 1
Reference numeral 02 is an ONU transmission device, 103 is an optical coupler, 104 is an optical fiber, and a plurality of ONU transmission devices 102 are connected to one OLT transmission device 101 via the optical fiber 104 and the optical coupler 103.

Next, the configuration of the OLT transmission device 101 will be described. The OLT transmission device 101 includes a cipher control unit 10
5, PLOAM cell generation unit 108, encryption unit 129, downlink frame generation unit 110, uplink frame termination unit 121,
It has a PLOAM cell termination unit 122. A message generation signal 106 is output from the encryption control unit 105 to the PLOAM cell generation unit 108. Reference numeral 107 is a cipher control signal output from the cipher control unit 105 to the encryption unit 129. A PLOAM cell signal 109 is output from the PLOAM cell generation unit 108 to the downlink frame generation unit 110. 123 is message information output from the PLOAM cell terminating unit 122 to the encryption control unit 105. 1
Reference numeral 11 is a downlink main signal, and 120 is an uplink main signal.
Further, 125 is a downstream input signal, and 128 is an upstream output signal.

Next, the configuration of the ONU transmission device 102 will be described. The ONU transmission device 102 includes the cipher control unit 11
6, a PLOAM cell terminating unit 113, a downlink frame terminating unit 114, an uplink cell generating unit 118, a PLOAM cell generating unit 131, and a decoding unit 132. 115 is PLOAM
The message information is output from the cell terminating unit 113 to the encryption control unit 116. Reference numeral 117 is a control signal output from the encryption control unit 116 to the PLOAM cell generation unit 131. A cipher control signal 124 is output from the cipher control unit 116 to the decryption unit 132. A PLOAM cell signal 130 is output from the PLOAM cell generation unit 131 to the upstream cell generation unit 118.

FIG. 2 is a block diagram of the encryption unit shown in FIG.
The encryption unit 129 has an encryption processing control unit 133, a first key encryption processing unit 134, and a second key encryption processing unit 135. The encryption processing control unit 133 receives the encryption control signal from the encryption control unit 105, and sends the encryption key information and the range of data to be encrypted to the first key encryption processing unit 134 and the second key encryption processing unit 135, respectively. And an encryption processing control signal including information regarding The first key encryption processing unit 134
The encryption process is performed on the range of the data designated by the designated first key. The second key encryption processing unit 135 performs an encryption process on the range of the data designated by the designated second key.

The decrypting unit in FIG. 1 also has the same configuration as the encrypting unit in FIG. 2, and decrypts the encrypted data by the similar operation.

FIG. 3 is a diagram showing the range of ATM cells to be encrypted. ATM cells consist of an overhead 150 and a payload portion. The payload portion further includes data 151 and the like and a CRC operation code 152.
Of these, the range of the data 151 and the like is encrypted with the first key, and the range of the CRC operation code 152 is encrypted with the second key.

FIG. 4 is a diagram for explaining an upstream signal and a downstream signal of the APON system. In the APON system, time-division multiplexing access control is performed on an upstream signal from the ONU transmission device 102 to the OLT transmission device 101, and the OLT transmission device 101 transmits the access control to the ONU transmission device 1.
Broadcast transmission is performed for the downlink signal to 02. OLT
The access control performed on the upstream signal from the transmission device 101 is such that when the fixed length ATM cells as the upstream signal from each ONU transmission device 102 are time-division multiplexed on the optical coupler 33, the mutual upstream signals are transmitted. This is a control to prevent collision. The broadcast transmission of the downlink signal is to transmit the downlink signal addressed to all the ONU transmission devices 102 to all the ONU transmission devices 102.

FIG. 5 is a diagram showing a frame format. The upper part of the figure shows the format of the downstream frame, and the lower part of the figure shows the format of the upstream frame.

Next, the operation of the APON system will be described.

FIG. 6 is a diagram showing a message flow for updating the encryption key. FIG. 7 is a diagram showing a format of each message included in the PLOAM cell. PLOAM (Physi
cal Layer Operations, Admin
(estration and Maintenance)
The cell is used and is done by the message in the PLOAM cell.

First, the encryption control unit 105 of the OLT transmission apparatus 101 sends the new tuning key request message (new_turning_key_message) to the PLOAM cell generation unit 106 using the message generation signal 106.
Request generation of a PLOAM cell including a request message). Then, the PLOAM cell generation unit 1
In 08, new_turning_key_re
generate a quest Message PLOAM cell,
It is sent to the downlink frame generator 109. Then, in the downlink frame generator 110, the PLOAM is added to the downlink main signal 111.
A cell is inserted and transmitted to each ONU transmission device.

In the ONU transmission device 102, the new_c in the PLOAM cell at the PLOAM cell terminating unit 113 is used.
turning_key_request Message
e and extracts the message information 115 to the encryption control unit 116.
To send. Then, a new key message (new_churning_key Message) for generating two types of keys in the encryption control unit 116 and notifying the two types of encryption keys generated by the encryption control unit 116.
Is transmitted three times, the uplink cell generation unit 118 outputs the PLO
The message control signal 117 is transmitted to generate an AM cell. The two types of encryption key information are new_churn
ing_key Notification is made using the spare area of the Message. In the uplink cell generation unit 118, new_chu
A PLOAM cell including a running key message is generated and transmitted to the OLT transmission apparatus 101 three times.

In the OLT transmission apparatus 101, new_ch
PLOAM including turning_key Message
Receive cells. The PLOAM cell terminating unit 122 extracts the message and transmits the message information 123 to the encryption control unit 105. When the cipher control unit 105 receives the cipher key information, a channel key update message (turning_key_update message).
to generate a PLOAM cell containing
The message generation signal 106 is sent to the AM cell generation unit 108. Then, the PLOAM cell generation unit 108 turns the channel.
P including ing_key_update message
LOAM cells are generated and sent to the downlink frame generator 110. Then, the downlink frame generator 110 inserts the downlink main signal 111 into the downlink main signal 111 and transmits the downlink main signal 111 to each ONU transmission apparatus.

Further, in the OLT transmission apparatus 101, a channel indicating a VP (Virtual Path) to be encrypted by the encryption control unit 105 to the PLOAM cell generation unit 108.
Bound VP message (turned_VP message)
send message generation signal 106 to generate a PLOAM cell containing the ge). In the ONU transmission device 102,
PLOAM with a tuned_VP message
When the cell is received, the PLOAM cell terminating unit 113 extracts the message and sends the encrypted VP information and the cryptographic range information of the two cryptographic keys to the cryptographic control unit 116.

The new cryptographic key is the third
16 × T from g_key_update message
It becomes valid after frame.

When the downstream input signal 125 is input to the OLT transmission device 101 after the new encryption key becomes valid, the encryption unit 129 notifies the ONU transmission device of the VP cell for each ONU transmission device of the encryption. Encryption is performed using two types of encryption keys corresponding to each range. As for the main signal, the downlink frame generator 110 generates a downlink main signal 111, and broadcasts the same to each ONU transmission device.

The downlink frame terminating unit 114 of the ONU transmission device 102 recognizes the cell addressed to the own ONU transmission device from the cell overhead 150, and decrypts only the cells addressed to the own ONU transmission device using two types of encryption keys. To do. At that time, the encryption range information of the two encryption keys notified by the turned_VP message is used. The decrypted data is output as the downlink output main signal 126.

As described above, according to the first embodiment, 2
Since encryption is performed using different types of encryption keys, it is possible to provide a highly confidential system that is more difficult to decrypt. For example, if both the first key and the second key have a length of 14 bits, it is necessary to perform a maximum of 2 28 powers to specify the key.

The encryption range is set to the OLT transmission device 101.
In the above description, the ONU transmission device 102 is determined and notified to the ONU transmission device 102. However, conversely, the ONU transmission device 102 that generates a cipher may be configured to determine the encryption range and notify the OLT transmission device 101. In this case, the notification means is new_turning_key Message.
May be used.

Although the CRC operation code is set to the second key encryption range and the other payloads are set to the first key encryption range, the present invention is not limited to this. Furthermore, it is possible to change the encryption range sequentially. The confidentiality of the data can be further enhanced by sequentially changing the encryption range.

Embodiment 2. FIG. 8 is a diagram showing the configuration of the encryption unit according to the second embodiment of the present invention. Although the configuration of the encryption unit is shown in FIG. 2 in the first embodiment, the configuration of the encryption unit is shown in FIG. 8 in the second embodiment.

The encryption unit 129 is the encryption processing control unit 14
1, selection circuit 142, first key encryption processing unit 143, second
It has a key encryption processing unit 144 and a main signal reconstruction unit 145. The encryption processing control unit 141 receives the encryption control signal from the encryption control unit 105, instructs the first key encryption processing unit 143 and the second key encryption processing unit 144 about the encryption key information, and performs encryption. The selection processing circuit 142 is instructed to perform an encryption processing control signal including information regarding the range of data. The selection circuit 142 sets the data within the encryption range corresponding to the first key to the first key encryption processing unit 14 according to the instruction of the encryption processing control signal.
3 and the data within the encryption range corresponding to the second key is distributed to the second key encryption processing unit 144. The first key encryption processing unit 143 performs an encryption process on the data received from the selection circuit 142 with the first key. Second key encryption processing unit 14
4 performs an encryption process on the data received from the selection circuit 142 with the second key. The main signal reconstructing unit 145 uses the encrypted data output from the first key encryption processing unit 143 and the second data.
The encrypted data output from the key encryption processing unit 144 is combined to form the main signal again.

The decryption unit also has the same configuration as the encryption unit of FIG. 8, and decrypts the encrypted data by the same operation.

Embodiment 3. FIG. 9 is a configuration diagram of a PON system according to the third embodiment of the present invention. Although the first and second embodiments relate to the APON system that handles ATM cells, the third embodiment relates to the PON system that handles general packets. In FIG.
Reference numeral 51 is an OLT transmission device, 52 is an ONU transmission device, 53 is an optical coupler, 54 is an optical fiber, and a plurality of ONU transmission devices 52 are connected to one OLT transmission device 51 via an optical fiber 54 and an optical coupler 53. To be done.

Next, the configuration of the OLT transmission device 51 will be described. The OLT transmission device 51 includes a cipher control unit 55, P
LOAM packet generator 57, downlink packet generator 5
8, an upstream packet terminating unit 69, a PLOAM packet terminating unit 74, and an encryption unit 81. 56 is the encryption control unit 5
5 is an encryption control signal output to the encryption unit 81.
72 is extracted by the upstream packet terminating unit 69, and P
Upstream PLOA output to LOAM packet termination unit 74
It is an M packet signal. The encryption key information 75 is output from the PLOAM packet terminating unit 74 to the encryption control unit 55. A message generation signal 76 is output from the encryption control unit 55 to the PLOAM packet generation unit 57. 7
A PLOAM packet 7 is output from the PLOAM packet generator 57 to the downlink packet generator 58. 5
Reference numeral 9 is a downlink main signal, and 68 is an uplink main signal. Further, 73 is a downlink input signal, and 70 is an uplink output signal.

Next, the configuration of the ONU transmission device 52 will be described. The ONU transmission device 52 includes a cipher control unit 62, a downlink packet termination unit 61, an uplink packet generation unit 66, and a PL.
It has an OAM packet termination unit 78, a decoding unit 82, and a PLOAM packet generation unit 83. Reference numeral 63 is an encryption control signal output from the encryption control unit 62 to the decryption unit 82. 71
Is a PLOAM packet generator 83 from the encryption controller 62.
This is the encryption key information output to. 79 is encryption key information output from the PLOAM packet terminating unit 78 to the encryption control unit 62. A PLOAM packet 80 is extracted by the downlink packet termination unit 61 and output to the encryption control unit 62. Reference numeral 60 is a downlink main signal, and 67 is an uplink main signal. Further, 64 is a downlink output signal, and 65 is an uplink input signal.

Next, the operation will be described.

The exchange regarding the encryption key such as the update of the encryption key is performed by using the PLOAM packet and the message in the PLOAM packet. First, the OLT transmission device 51
PLOAM packet generator 57 from encryption controller 55
To the new key request message (new_key_request Me using the message generation signal 77).
request generation of a PLOAM packet containing a message. New_k in the PLOAM packet generator 75
PLOAM with ey_request Message
A packet is generated and sent to the downlink packet generator 58. In the downlink packet generator 58, PLO is applied to the downlink main signal 59.
An AM packet is inserted and transmitted to each ONU transmission device 52.

In the ONU transmission device 52, the PLOAM packet is extracted at the downlink packet termination unit 61,
The OAM packet signal 80 is transferred to the PLOAM packet terminating unit 7
Send to 8. The new_key_request Mess in the packet at the PLOAM packet terminator 78
age is extracted, the encryption key information 79 is sent to the encryption control unit 62, and the encryption key generation is requested. In the cipher control unit 62,
Generate two types of encryption keys. The two types of generated keys are transmitted to the upstream packet generator 66 as encryption key information.
Further, the range of encryption of the generated first key and second key is similarly transmitted. Then, the encryption key and the encryption range information are notified to the decryption unit 82 using the encryption control signal 63. The PLOAM packet generation unit 83 generates a PLOAM packet for notifying the OLT transmission device 51 of the two encryption keys and the encryption range information, and the upstream packet generation unit 66.
Send to. The upstream packet generator 66 inserts the PLOAM packet received from the PLOAM packet generator 83 into the upstream main signal 67 and sends it to the OLT transmission device 51.

In the OLT transmission device 51, the upstream packet termination unit 69 extracts the upstream PLOAM packet of each ONU transmission device 52 and outputs the upstream PLOAM packet signal 72 to the PLOAM packet termination unit 74. In the PLOAM packet terminal unit 74, two new encryption keys and encryption range information of the two encryption keys are extracted,
The encryption control unit 55 is notified of the encryption key and the encryption range information.
The encryption control unit 55 instructs the encryption unit 81 about two types of encryption keys and encryption range information of each ONU transmission device 52.

In the encryption unit 81 in the OLT transmission device 51, the downlink input main signal is sent to the first ONU transmission device 52 according to the instruction from the encryption control unit 55 in accordance with the instruction from the encryption control unit 55.
The encryption range corresponding to the key is encrypted with the first key, and the encryption range corresponding to the second key is encrypted with the second key. In this way, the downlink main signal 59 is generated, and each ONU transmission device 52 is generated.
Broadcast to.

On the other hand, in the ONU transmission device 52, the decoding unit 8
In 2, the packet addressed to the own ONU transmission device 52 is recognized from the overhead of the packet, and the downstream packet addressed to the own ONU is decrypted with the same encryption key as the first key and the second key notified to the OLT transmission device 51. That is, according to an instruction from the encryption control unit 62, the encryption range corresponding to the first key is encrypted with the first key, and the encryption range corresponding to the second key is encrypted with the second key. In this way, the ONU transmission device 52 generates and outputs the downlink output main signal 64.

Except for the configuration and operation described above, the first or second embodiment is generalized to handle a packet instead of an ATM cell, and since it is almost the same, description thereof will be omitted.

As described above, according to the third embodiment, as with the first and second embodiments, since the encryption is performed using the two types of encryption keys, it is more difficult to decipher,
It is possible to provide a highly confidential system.

Although the encryption range is determined by the ONU transmission device 52 and notified to the OLT transmission device 51, conversely, the encryption range is determined by the OLT transmission device 51 for encryption and ONU transmission is performed. It may be configured to notify the device 52.

[0054]

As described above, according to the present invention, the transmitting device is provided with the encryption unit for respectively encrypting each range in which the data to be transmitted is divided by the plurality of encryption keys, and the received data is divided into By providing the receiving device with the decryption unit that decrypts the range with each of the plurality of encryption keys, the data can be encrypted with the plurality of encryption keys, and the encryption is more difficult to be decrypted and the confidentiality is improved. it can.

Further, according to the present invention, the receiving device is provided with an encryption control unit for instructing the decrypting unit of a plurality of encryption keys for decrypting the received data and notifying the transmitting device.
By providing the transmission device with an encryption control unit that instructs the encryption unit to use the plurality of encryption keys notified from the reception device as encryption keys for encrypting the data to be transmitted, the transmission device and the reception device can be A matching encryption key can be used. Further, since the receiving apparatus can generate a desired cipher and use the cipher in the transmitting apparatus, the cipher key can be changed while referring to the decryption result.

Further, according to the present invention, the encryption control unit of the transmission device instructs the encryption unit of each range in which the data to be transmitted is divided and notifies the reception device, and the encryption control unit of the reception device is , The above range notified from the transmitting device,
By instructing the decryption unit as each range for decrypting the received data, it is possible to encrypt the encryption range that the transmitter and the receiver match.

Further, according to the present invention, the cipher control section of the receiving device instructs the deciphering section of each range in which the data to be transmitted is divided and notifies the transmitting apparatus, and the cipher control section of the transmitting device By instructing the encryption unit to use the respective ranges notified from the receiving device as the respective ranges for encrypting the data to be transmitted, it is possible to perform encryption for the same encrypted range between the transmitting device and the receiving device. .

Further, according to the present invention, since the transmitting device is provided with the encryption unit for encrypting each range in which the data to be transmitted is divided with the plurality of encryption keys, the data is encrypted with the plurality of encryption keys. Therefore, it is possible to improve the confidentiality by making the encryption more difficult to be decrypted.

Further, according to the present invention, since the receiving device is provided with the decryption unit for decrypting each range obtained by dividing the received data with the plurality of encryption keys, the data can be decrypted with the plurality of encryption keys. Therefore, it is possible to improve the confidentiality by making the code more difficult to decipher.

Further, according to the present invention, the master station device constituting the multi-branch communication system is provided with an encryption unit for encrypting each range in which the data to be transmitted is divided with a plurality of encryption keys, and the multi-branch is also provided. In the slave station device that constitutes the communication system,
By providing a decryption unit that decrypts each of the ranges obtained by dividing the received data with a plurality of encryption keys, the data can be decrypted with a plurality of encryption keys, making the encryption more difficult to decrypt and keeping confidentiality. Can be improved.

Further, according to the present invention, the master station device and the slave station device are the OLT transmission device and the ONU transmission device defined in ITU-T Recommendation G983.1, so that the data can be encrypted with a plurality of encryption keys. The above-mentioned encrypted communication system for encrypting the above can be applied to the APON system defined in ITU-T Recommendation G983.1.

According to the present invention, the encryption key is transmitted by notifying the OLT transmission device of a plurality of encryption keys generated by the ONU transmission device by using the spare area of the new tuning key message. It is possible to secure a message area for doing so and reliably transmit the encryption key.

Further, according to the present invention, the range of data to be encrypted by each encryption key is notified from the OLT transmission device to the ONU transmission device by using the spare area of the chaned VP message, so that the encryption range It is possible to secure a message area for transmitting, and reliably transmit the encryption range.

[Brief description of drawings]

FIG. 1 is a configuration diagram of an APON system according to a first embodiment of the present invention.

FIG. 2 is a configuration diagram of an encryption unit in FIG.

FIG. 3 is a diagram showing a range of an ATM cell to be encrypted.

FIG. 4 is a diagram illustrating an upstream signal and a downstream signal of the APON system.

FIG. 5 is a diagram showing a frame format.

FIG. 6 is a diagram showing a message flow for updating an encryption key.

FIG. 7 is a diagram showing a format of each message included in a PLOAM cell.

FIG. 8 is a diagram showing a configuration of an encryption unit according to the second embodiment of the present invention.

FIG. 9 is a configuration diagram of a PON system according to a third embodiment of the present invention.

FIG. 10 ITU-T Recommendation G. It is a figure which shows the structure of the APON system described in 983.1.

FIG. 11 is a diagram showing a format of an ATM cell used for ATM data communication.

[Explanation of symbols]

3 OLT transmission equipment 4 ONU transmission device 5 Optical coupler 6 optical fiber 51 OLT transmitter 52 ONU transmission device 53 Optical coupler 54 optical fiber 55 Encryption control unit 56 encryption control signal 57 PLOAM packet generator 58 Downstream packet generation 59 Downstream main signal 60 Downward main signal 61 Downlink packet termination unit 62 encryption control unit 63 Encryption control signal 64 Downstream output main signal 65 Upstream input main signal 66 upstream packet generator 67 upstream main signal 68 Upstream main signal 69 upstream packet termination 70 Upstream output main signal 71 Encryption key information 72 Encryption key information 73 Downstream input main signal 74 PLOAM packet termination unit 75 Encryption key information 76 Message generation signal 77 PLOAM packet signal 78 PLOAM packet terminator 79 Encryption key information 80 Downlink PLOAM packet signal 81 Encryption unit 82 Decryption unit 83 PLOAM packet generator 101 OLT transmission device 102 ONU transmission device 103 Optical coupler 104 optical fiber 105 encryption control unit 106 message generation signal 107 encryption control signal 108 PLOAM cell generator 109 PLOAM cell signal 110 Downstream frame generator 111 Downlink main signal 112 Downlink main signal 113 PLOAM cell termination unit 114 downstream frame end 115 Message information 116 encryption control unit 117 message control signal 118 Uplink cell generator 119 Upward main signal 120 upstream main signal 121 Upstream frame termination section 122 PLOAM cell termination unit 123 Message information 124 Cryptographic control signal 125 Downstream input main signal 126 Downstream output main signal 127 Upstream input main signal 128 upstream output signal 129 Encryption unit 130 PLOAM cell signal 131 PLOAM cell generator 132 decryption unit 133, 141 Encryption processing control unit 134, 143 First key encryption processing unit 135, 144 Second key encryption processing unit 142 selection circuit 145 Main signal reconstruction unit 150 overhead 151 data etc. 152 CRC operation code

Claims (10)

[Claims] 1. An encrypted communication system comprising a transmitting device for encrypting and transmitting data and a receiving device for receiving and decrypting encrypted data, wherein the transmitting device is a range in which data to be transmitted is divided. Is provided with an encryption unit for encrypting each of the ranges with the plurality of encryption keys, and the receiving device is provided with a decryption unit for decrypting each of the ranges obtained by dividing the received data with the plurality of encryption keys. Communication system. 2. The receiving device includes an encryption control unit for instructing the decrypting unit of a plurality of encryption keys for decrypting the received data and for notifying the transmitting device, and the transmitting device is notified by the receiving device. The encryption communication system according to claim 1, further comprising an encryption control unit that instructs the encryption unit to use the plurality of encryption keys as encryption keys for encrypting data to be transmitted. 3. The encryption control unit of the transmitting device notifies the encrypting unit of each range into which the data to be transmitted is divided and notifies the receiving device, and the encryption control unit of the receiving device is notified by the transmitting device. 3. The encrypted communication system according to claim 2, wherein each of the ranges is instructed to the decryption unit as each range for decrypting the received data. 4. The encryption control unit of the reception device instructs the decryption unit about each range in which the data to be transmitted is divided, and notifies the transmission device, and the encryption control unit of the transmission device is notified by the reception device. The encrypted communication system according to claim 2, wherein the encryption unit is instructed to set each of the ranges as a range for encrypting data to be transmitted. 5. A transmission device for encrypting and transmitting data, comprising: an encryption unit for encrypting each divided range of data to be transmitted with a plurality of encryption keys. 6. A receiving device for receiving and decrypting encrypted data, the receiving device comprising a decryption unit for decrypting each divided range of the received data with a plurality of encryption keys. apparatus. 7. A multi-branch communication system comprising a master station device that encrypts and broadcasts data and a plurality of slave station devices that receive and decrypt encrypted data, wherein the master station device is a transmitter. Each of the ranges in which the data to be divided is encrypted with a plurality of encryption keys, and the slave station device includes a decryption unit that decrypts each of the ranges in which the received data is divided with a plurality of the encryption keys. A multi-branch communication system characterized by being provided. 8. The master station device and the slave station device are ITU-T
The multi-branch communication system according to claim 7, which is an OLT transmission device and an ONU transmission device defined in Recommendation G983.1. 9. The multi-branch communication according to claim 8, wherein a plurality of encryption keys generated by the ONU transmission device are notified to the OLT transmission device by using the spare area of the new tuning key message. system. 10. A range of data to be encrypted with each encryption key is set to O by using the spare area of the CHAND VP message.
9. The multi-branch communication system according to claim 8, wherein the LT transmission device notifies the ONU transmission device.