JP2014036386A - Communication system, station-side control unit, terminal-side control unit, and communication control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a highly reliable communication system for achieving a security function between an optical line terminal and optical network units and suppressing the increase of a communication stop time between the optical line terminal and the optical network units concerning redundant switching in the optical line terminal.SOLUTION: A communication system includes: optical network units; and redundancy optical subscriber units for communication with the optical network units. Each optical subscriber unit transmits a communication signal encrypted by using an encryption key to each optical network unit. The optical network unit decrypts an encrypted communication signal received from the optical subscriber unit by using a decryption key corresponding to an encryption key. The optical subscriber unit and the optical network unit respectively previously acquire a switching encryption key being an encryption key and a switching decryption key being a decryption key that are to be used after switching between an active system optical subscriber unit and a standby system optical subscriber unit.

Description

  The present invention relates to a communication system, a home-side control unit, a station-side control unit, and a communication control method, and in particular, a communication system having a redundant configuration and a security function, a home-side control unit, a station-side control unit, and communication control in this communication system Regarding the method.

  In recent years, the Internet has become widespread, and users can access various information on sites operated in various parts of the world and obtain the information. Along with this, devices capable of broadband access such as ADSL (Asymmetric Digital Subscriber Line) and FTTH (Fiber To The Home) are rapidly spreading.

  In IEEE Std 802.3ah (registered trademark) -2004 (non-patent document 1), a plurality of home side devices (ONU: Optical Network Unit) share an optical communication line, and a station side device (OLT: Optical Line Terminal). One method of a passive optical network (PON), which is a medium-sharing communication that performs data transmission with the network, is disclosed. That is, EPON (Ethernet (registered trademark) PON) in which all information is communicated in the form of an Ethernet (registered trademark) frame, including user information passing through the PON and control information for managing and operating the PON, and EPON An access control protocol (MPCP (Multi-Point Control Protocol)) and an OAM (Operations Administration and Maintenance) protocol are defined. By exchanging MPCP frames between the station side device and the home side device, the home side device joins and leaves, and uplink access multiplexing control is performed. Non-Patent Document 1 describes a registration method for a new home device, a report indicating a bandwidth allocation request, and a gate indicating a transmission instruction using an MPCP message.

  As a next-generation technology of GE-PON, which is an EPON that realizes a communication speed of 1 gigabit / second, 10G-EPON standardized as IEEE 802.3av (registered trademark) -2009, that is, a communication speed of 10 gigabit / Even in EPON equivalent to seconds, the access control protocol is predicated on MPCP.

  In PON, since an optical signal transmitted from a station side device basically reaches all subordinate ONUs, an encryption function is required to protect user data and the like. In addition, an optical function transmitted from the ONU also requires an encryption function to prevent spoofing and prevent communication contents from being exposed due to interception of reflected light. As an example of such an encryption function, for example, IEEE Std 802.1AE (registered trademark) -2006 (Non-Patent Document 2) includes a technique for encrypting user data using a SAK (Secure Association Key) or the like. It is disclosed.

  By the way, in general, in a network service for business, in order to provide a high quality service, it is essential to make a system redundant (redundant). Also, a highly reliable system can be provided by using a duplex system in an audio / video distribution service. In the redundant system, a redundant configuration is adopted in which each of the devices, components, and network has an active system and a standby system as required. When a failure occurs in a part of the operating system, it is possible to make the system stop time due to the failure as short as possible by performing redundant switching from the active system to the standby system.

  Even if a failure has not become apparent, the module may be replaced proactively in consideration of the deterioration tendency of characteristics, the life of parts, and the like. If the system has a redundant configuration for the module, it is possible to shorten the system stop time due to such maintenance work as much as possible.

IEEE Std 802.3ah (registered trademark) -2004 IEEE Std 802.1AE (registered trademark) -2006

  In a communication system having a plurality of optical line units for transmitting / receiving optical signals to / from the station side apparatus, the station side apparatus performs redundant switching from the active optical line unit to the standby optical line unit. Think. In this case, for example, the station-side device communicating with the active optical line unit newly communicates with the standby optical line unit in accordance with a predetermined procedure, so that the keys used for encryption and decryption, etc. It is necessary to share the encryption information with the standby optical line unit. For this reason, the communication stop time of the PON system due to redundant switching becomes long.

  The present invention has been made in order to solve the above-described problems, and an object of the present invention is to realize a security function between a station-side device and a home-side device, and to prevent redundant switching in the station-side device. It is to provide a communication system, a home-side control unit, a station-side control unit, and a communication control method that can suppress an increase in communication stop time between the home-side devices and provide a highly reliable communication system. .

  A communication system according to an aspect of the present invention is a communication system including a home-side device and a redundant optical line unit for communicating with the home-side device, wherein the optical line unit includes an encryption key. The communication signal encrypted by using the communication device is transmitted to the home-side device, and the home-side device receives the decryption key corresponding to the encryption key from the encrypted communication signal received from the optical line unit. And the optical line unit and the home-side device are used as an encryption key for switching which is the encryption key to be used after switching between the optical line unit in the active system and the optical line unit in the standby system. Each of the decryption keys for switching, which is the decryption key, is acquired in advance.

  As described above, since the key to be used after the redundancy switching is acquired in advance before the redundancy switching, the home-side device can continuously decode the communication signal before and after the redundancy switching. Therefore, stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  Preferably, the standby optical line unit acquires in advance a first switching encryption key to be used after switching from the active optical line unit to itself, and the active optical line unit includes: A second switching encryption key to be used after switching from the optical line unit of the standby system to itself is acquired in advance, and the home-side device transmits the first switching encryption key and the second switching key. The decryption key corresponding to each encryption key is acquired in advance.

  With this configuration, different keys are used for redundant switching from the active optical line unit to the standby optical line unit, and for redundant switching from the standby optical line unit to the active optical line unit. Therefore, security can be further improved.

  Preferably, each of the optical line unit and the home-side device associates a protection communication identification number with the encryption key and the decryption key, respectively, so that the optical line unit in the active system and the optical line unit in the standby system are associated with each other. Is switched, the switching destination optical line unit transmits the communication signal including the protection communication identification number corresponding to the switching encryption key to the home side device, and the home side device The protection communication identification number included in the communication signal received from the optical line unit is extracted, and the switching decryption key, which is the decryption key corresponding to the extracted protection communication identification number, is decoded. Used for.

  With this configuration, the optical line unit notifies the home side device of the occurrence of redundant switching, or the home side device detects redundant switching between the active optical line unit and the standby optical line unit. Without changing, it is possible to change the decryption key for switching at an appropriate timing in the home device, and to continuously decrypt the communication signal before and after the redundant switching.

  Preferably, the optical line unit encrypts the communication signal using channel information based on the identification information of itself and the identification information of the home-side device to which the communication signal is transmitted, and the encryption key. The side device decrypts the communication signal by using the channel information based on the identification information of the optical line unit and the identification information of the optical line unit that has encrypted the communication signal, and the decryption key. The channel information to be used after switching between the optical line unit of the system and the optical line unit of the standby system is acquired in advance.

  With such a configuration, even when the channel information is used for encryption in addition to the key, the home-side apparatus can continuously decrypt the communication signal before and after the redundancy switching, thereby reducing the communication stop time in the communication system. It is possible to provide stable and high communication quality. For example, the home-side apparatus can acquire the channel information in advance by notifying the switching-source optical line unit of the identification information of the switching-destination optical line unit using the extended OAM.

  Preferably, the optical line unit encrypts the communication signal using channel information based on the identification information of itself and the identification information of the home-side device to which the communication signal is transmitted, and the encryption key. The side device decrypts the communication signal using the channel information based on the identification information of the optical line unit and the identification information of the optical line unit encrypted by the communication signal, and the decryption key. The transmission source identification information included in the control signal from the optical line unit is monitored, and when the identification information changes, the channel information is updated based on the changed identification information.

  With such a configuration, the home apparatus acquires channel information to be used after redundant switching without notifying the switching apparatus of the optical line unit to the home apparatus without identifying the identification information of the switching destination optical line unit. be able to. Further, even when the communication signal does not include channel information, it is possible to perform encryption and decryption using new channel information after redundancy switching, so that communication stoppage due to channel information can be prevented.

  Preferably, the home-side apparatus decrypts the communication signal using the channel information based on the identification information of the optical line unit and the identification information of the optical line unit that has encrypted the communication signal, and the decryption key. The signal may or may not include the channel information, and the optical line unit is in a state in which the communication signal not including the channel information is transmitted to the home-side apparatus according to the switching timing. And a transition between states in which the communication signal including the channel information is transmitted to the home device, and the home device does not include the channel information of the communication signal received from the optical line unit. A transition between the state and the state including the channel information is detected as the occurrence of the switching.

  With such a configuration, it is possible to reliably notify the occurrence of redundant switching from the optical line unit to the home-side apparatus through simple processing.

  More preferably, when the home-side device detects the occurrence of the switching when the communication signal received from the optical line unit transitions from a state not including the channel information to a state including the channel information, The communication signal is decoded using the channel information included in the communication signal instead of the channel information used before the occurrence of switching is detected.

  With such a configuration, the channel information to be used after the redundancy switching can be acquired by a simple process without newly creating channel information in the home device with the redundancy switching.

  More preferably, the optical line unit changes from a state in which the communication signal not including the channel information is transmitted to the home device to a state in which the communication signal including the channel information is transmitted to the home device. After the transition is executed, a transition is made to a state in which the communication signal not including the channel information is transmitted to the home device.

  In this way, in the communication after the redundancy switching, the bandwidth used in the communication after the redundancy switching is configured by switching the transmission to the transmission of the communication signal not including the channel information after notifying the home-side device of the switching of the channel information in the communication signal. In addition, the processing time can be reduced.

  More preferably, the optical line unit is configured such that the communication signal not including the channel information is transmitted to the home device and the communication signal including the channel information is transmitted to the home device. When executing the transition, if there is no data to be transmitted to the home device, the communication signal including dummy data is transmitted to the home device.

  With such a configuration, it is possible to reliably notify the redundant switching to the home side device by switching the presence / absence of channel information in the communication signal regardless of the usage status of the communication service.

  More preferably, the optical line unit broadcasts the communication signal including the dummy data.

  As described above, since the communication signal including the dummy data is broadcast, it is possible to notify the redundant switching to all the home side devices under the optical line unit with one communication signal. Processing time can be reduced.

  Preferably, the home-side device decrypts the communication signal using channel information based on the identification information of the optical line unit and the identification information of the optical line unit obtained by encrypting the communication signal, and the decryption key, and The side device monitors the channel information included in the communication signal from the optical line unit and detects a change in the channel information as the occurrence of the switching.

  With such a configuration, it is possible to detect the redundant switching of the optical line unit and to update the channel information together with simple processing without separately monitoring the change of the transmission source address of the communication signal. Processing can be performed.

  Preferably, the home side device operates according to the time information, adjusts its own time information based on the time information included in the control signal from the optical line unit, and the home side device is connected to the optical line unit. The occurrence of the switching is detected based on the difference between the time information and the own time information.

  With such a configuration, even when channel information is not included in the communication signal, it is possible to detect redundant switching of the optical line unit with a simple process.

  Preferably, the home-side apparatus detects the interruption of the communication signal from the optical line unit or the change in the identification information of the transmission source included in the control signal from the optical line unit as the occurrence of the switching.

  With such a configuration, even when channel information is not included in the communication signal, it is possible to detect redundant switching of the optical line unit with a simple process.

  A home-side control unit according to an aspect of the present invention is a home-side control unit used in a home-side device for communicating with a redundant optical line unit, the encrypted data received from the optical line unit Decryption unit for decrypting a communication signal using a decryption key, and decryption for switching which is the decryption key to be used after switching between the active optical line unit and the standby optical line unit And a decryption key acquisition unit for acquiring the encryption key in advance.

  As described above, since the key to be used after the redundancy switching is acquired in advance before the redundancy switching, the home-side device can continuously decode the communication signal before and after the redundancy switching. Therefore, stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  A home side control unit according to another aspect of the present invention is a home side control unit used in a home side device for communicating with a redundant optical line unit, the encryption received from the optical line unit. A decryption unit for decrypting the received communication signal using a decryption key, and the decryption key used before switching between the optical line unit in the active system and the optical line unit in the standby system And a storage unit for storing the switching decryption key that is the decryption key to be used after the switching.

  With such a configuration, since the key to be used after the redundancy switching can be acquired in advance before the redundancy switching, the home-side apparatus can continuously decode the communication signal before and after the redundancy switching. Thereby, the communication stop time accompanying redundancy switching can be shortened, and stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  A station-side control unit according to an aspect of the present invention is a station-side control unit used in a redundant optical line unit for communicating with a home-side device, and a communication signal to be transmitted to the home-side device Encryption unit for encrypting using the encryption key, and switching encryption that is the encryption key to be used after switching between the active optical line unit and the standby optical line unit An encryption key acquisition unit for acquiring a key in advance.

  As described above, since the key to be used after the redundancy switching is acquired in advance before the redundancy switching, the home-side device can continuously decode the communication signal before and after the redundancy switching. Therefore, stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  A station-side control unit according to another aspect of the present invention is a station-side control unit used in a redundant optical line unit for communicating with a home-side device, and should be transmitted to the home-side device. An encryption unit for encrypting a communication signal using an encryption key and the encryption key used before switching between the optical line unit in the active system and the optical line unit in the standby system An encryption key, and a storage unit for storing a switching encryption key that is the encryption key to be used after the switching.

  With such a configuration, since the key to be used after the redundancy switching can be acquired in advance before the redundancy switching, the home-side apparatus can continuously decode the communication signal before and after the redundancy switching. Thereby, the communication stop time accompanying redundancy switching can be shortened, and stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  A communication control method according to an aspect of the present invention is a communication control method in a communication system including a home side device and a redundant optical line unit for communicating with the home side device, wherein the optical line unit And an encryption key for switching which is an encryption key to be used after switching between the optical line unit in the active system and the optical line unit in the standby system, and the decryption corresponding to the encryption key A step of previously obtaining a switching decryption key as a key, and after the switching, the optical line unit transmits a communication signal encrypted using the acquired switching encryption key to the home-side device. And after the switching, the home device receives the encrypted communication signal received from the optical line unit. And a step of decoding using a decoding key for example.

  As described above, since the key to be used after the redundancy switching is acquired in advance before the redundancy switching, the home-side device can continuously decode the communication signal before and after the redundancy switching. Therefore, stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  Up to this point, downlink encryption has been described, but the same applies to uplink encryption. That is, a communication system according to an aspect of the present invention is a communication system including a home-side device and a redundant optical line unit for communicating with the home-side device, wherein the home-side device A communication signal encrypted using an encryption key is transmitted to the optical line unit, and the optical line unit decrypts the encrypted communication signal received from the home-side device corresponding to the encryption key. The home-side device and the optical line unit are decrypted using a key, and the switching cipher that is the encryption key to be used after switching between the optical line unit in the active system and the optical line unit in the standby system And a decryption key for switching, which is the decryption key.

  As described above, since the key to be used after the redundant switching is acquired in advance before the redundant switching, the optical line unit can continuously decode the communication signal before and after the redundant switching. Therefore, stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  Preferably, the standby optical line unit acquires in advance a first switching decryption key to be used after switching from the active optical line unit to itself, and the active optical line unit includes: A second switching decryption key to be used after switching from the optical line unit of the standby system to itself is acquired in advance, and the home-side apparatus acquires the first switching decryption key and the second switching key. The encryption key corresponding to each decryption key is acquired in advance.

  With this configuration, different keys are used for redundant switching from the active optical line unit to the standby optical line unit, and for redundant switching from the standby optical line unit to the active optical line unit. Therefore, security can be further improved.

  Preferably, each of the optical line unit and the home-side device associates a protection communication identification number with the decryption key and the encryption key, respectively, so that the optical line unit in the active system and the optical line unit in the standby system are associated with each other. Is switched, the home device transmits the communication signal including the protected communication identification number corresponding to the switching encryption key to the switching destination optical line unit, and the switching destination optical line unit. Extracts the protected communication identification number included in the communication signal received from the home-side device, and sets the decryption key for switching as the decryption key corresponding to the extracted protected communication identification number to the communication signal. Used for decoding.

  With such a configuration, it is not necessary to perform a new key consensus process after redundant switching between the active optical line unit and the standby optical line unit, and communication signals can be continuously decoded before and after the redundant switching. it can.

  Preferably, the home-side apparatus encrypts the communication signal using channel information based on the identification information of itself and the identification information of the optical line unit to which the communication signal is transmitted, and the encryption key, and transmits the optical signal. The line unit decrypts the communication signal using channel information based on the identification information of the home-side device and the identification information of the home apparatus that has encrypted the communication signal, and the decryption key, and the optical line unit operates The channel information to be used after switching between the optical line unit of the system and the optical line unit of the standby system is acquired in advance.

  With such a configuration, even when the channel information is used for encryption in addition to the key, the optical line unit can continuously decode the communication signal before and after the redundancy switching, thereby reducing the communication stop time in the communication system. It is possible to provide stable and high communication quality. For example, the switching-destination optical line unit can acquire the channel information in advance by taking over the identification information of the optical line unit from the switching-source optical line unit. Alternatively, before the redundant switching, the switching source optical line unit should notify the switching destination optical line unit of the identification information of the switching destination optical line unit to the home side apparatus using the extended OAM or the like, so that the home side apparatus should use after the switching. The channel information may be acquired in advance.

  A station-side control unit according to an aspect of the present invention is a station-side control unit used in a redundant optical line unit for communicating with a home-side device, and is an encrypted data received from the home-side device. A switching unit that is to be used after switching between the decryption unit for decrypting the communication signal using the decryption key and the optical line unit in the active system and the optical line unit in the standby system A decryption key obtaining unit for obtaining a decryption key in advance.

  As described above, since the key to be used after the redundant switching is acquired in advance before the redundant switching, the optical line unit can decode without interrupting the communication signal before and after the redundant switching. Can be shortened, and stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  A station-side control unit according to another aspect of the present invention is a station-side control unit used in a redundant optical line unit for communicating with a home-side device, and the encryption received from the home-side device. A decryption unit for decrypting the communication signal using a decryption key, and the decryption key used before switching between the active optical line unit and the standby optical line unit A storage unit for storing a normal decryption key and a switching decryption key that is the decryption key to be used after the switching.

  With such a configuration, the key to be used after the redundant switching can be acquired in advance before the redundant switching, so that the optical line unit can decode the communication signal without interruption before and after the redundant switching. Thereby, the communication stop time accompanying redundancy switching can be shortened, and stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  A home-side control unit according to an aspect of the present invention is a home-side control unit used in a home-side device for communicating with a redundant optical line unit, and transmits a communication signal to be transmitted to the optical line unit. An encryption unit for encryption using an encryption key, and a switching encryption key that is the encryption key to be used after switching between the active optical line unit and the standby optical line unit And an encryption key obtaining unit for obtaining in advance.

  As described above, since the key to be used after the redundant switching is acquired in advance before the redundant switching, the optical line unit can decode without interrupting the communication signal before and after the redundant switching. Can be shortened, and stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  A home-side control unit according to another aspect of the present invention is a home-side control unit used in a home-side device for communicating with a redundant optical line unit, and a communication to be transmitted to the optical line unit. An encryption unit for encrypting a signal using an encryption key, and a normal encryption that is the encryption key used before switching between the optical line unit in the active system and the optical line unit in the standby system And a storage unit for storing a switching encryption key that is the encryption key to be used after the switching.

  With such a configuration, the key to be used after the redundant switching can be acquired in advance before the redundant switching, so that the optical line unit can decode the communication signal without interruption before and after the redundant switching. Thereby, the communication stop time accompanying redundancy switching can be shortened, and stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided.

  A communication control method according to an aspect of the present invention is a communication control method in a communication system including a home side device and a redundant optical line unit for communicating with the home side device, the home side device And an encryption key for switching which is an encryption key to be used after the optical line unit is switched between the optical line unit of the active system and the optical line unit of the standby system, and decryption corresponding to the encryption key A step of previously obtaining a switching decryption key as a key, and after the switching, the home-side device transmits a communication signal encrypted using the acquired switching encryption key to the optical line unit. And after the switching, the optical line unit transmits the encrypted communication signal received from the home device to the acquired switch. And a step of decoding using a decoding key for example.

  As described above, since the key to be used after the redundant switching is acquired in advance before the redundant switching, the optical line unit can decode without interrupting the communication signal before and after the redundant switching. Can be shortened, and stable and high communication quality can be provided. In addition, since the key can be changed before and after the redundancy switching, it is not necessary to transfer information such as the packet number of the communication signal between the switching source optical line unit and the switching destination optical line unit. Thus, stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved. Therefore, a security function between the station side device and the home side device is realized, and an increase in the communication stop time between the station side device and the home side device is suppressed with respect to redundant switching in the station side device, so that the reliability is high. A communication system can be provided. As will be described later, the home side device, for example, LoS (Loss of Signal), time stamp drift, change in the source address of the received PON control frame, change in SCI of the received downlink encrypted frame, received downlink cipher Change of protected communication identification number of encrypted frame, change of received downlink encrypted frame from long tag to short tag, or change of received downlink encrypted frame from short tag to long tag, etc. By detecting this, the switching can be detected, and the use of the switching encryption key can be started according to the detected timing.

  According to the present invention, the security function between the station-side device and the home-side device is realized, and the redundancy switching in the station-side device is restrained from increasing the communication stop time between the station-side device and the home-side device, A highly reliable communication system can be provided.

1 is a block diagram showing a schematic configuration of a PON system according to a first embodiment of the present invention. It is a figure which shows the structure of OSU in the station side apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows the structure of ONU which concerns on the 1st Embodiment of this invention. It is a figure which shows the structure of the PON control part and encryption part in OSU which concerns on the 1st Embodiment of this invention. It is a figure which shows an example of a structure of the downlink data frame in OSU which concerns on the 1st Embodiment of this invention. It is a figure which shows the structure of the control part and decoding part in ONU which concerns on the 1st Embodiment of this invention. 5 is a flowchart showing an operation procedure when performing redundant switching from an active OSU to a standby OSU in the PON system according to the first embodiment of the present invention. 5 is a flowchart showing an operation procedure when performing redundant switching from a standby OSU to an active OSU in the PON system according to the first embodiment of the present invention. It is a figure which shows the switching information and encryption information which are used when performing redundant switching from the active OSU to the standby OSU in the PON system according to the first embodiment of the present invention. It is a figure which shows the switching information and encryption information which are used when performing redundant switching from standby OSU to active OSU in the PON system according to the first embodiment of the present invention. It is a figure which shows the structure of the control part and decoding part in ONU which concerns on the 2nd Embodiment of this invention. 6 is a flowchart showing an operation procedure when performing redundant switching from an active OSU to a standby OSU in a PON system according to a second embodiment of the present invention. 7 is a flowchart showing an operation procedure when performing redundant switching from a standby OSU to an active OSU in a PON system according to a second embodiment of the present invention. It is a figure which shows the structure of the control part and decoding part in ONU which concerns on the 3rd Embodiment of this invention. It is a flowchart which shows the operation | movement procedure at the time of performing the redundant switching from the active system OSU to the standby system OSU in the PON system which concerns on the 3rd Embodiment of this invention. 14 is a flowchart illustrating another example of an operation procedure when performing redundant switching from an active OSU to a standby OSU in a PON system according to a third embodiment of the present invention. It is a figure which shows the structure of the control part and decoding part in ONU which concerns on the 4th Embodiment of this invention. It is a flowchart which shows the operation | movement procedure at the time of performing the redundant switching from the active system OSU to the standby system OSU in the PON system which concerns on the 4th Embodiment of this invention. It is a figure which shows the structure of OSU in the station side apparatus which concerns on the 5th Embodiment of this invention. It is a figure which shows the structure of ONU which concerns on the 5th Embodiment of this invention. It is a figure which shows the structure of the PON control part and decoding part in OSU which concerns on the 5th Embodiment of this invention. It is a figure which shows the structure of the control part and decoding part in ONU which concerns on the 5th Embodiment of this invention. It is a flowchart which shows the operation | movement procedure at the time of performing the redundant switching from the active system OSU to the standby system OSU in the PON system which concerns on the 5th Embodiment of this invention. It is a flowchart which shows the operation | movement procedure at the time of performing the redundant switching from standby system OSU to operation system OSU in the PON system which concerns on the 5th Embodiment of this invention. It is a figure which shows the switching information and encryption information which are used when performing redundant switching from active OSU to standby OSU in the PON system which concerns on the 5th Embodiment of this invention. It is a figure which shows the switching information and encryption information which are used when performing the redundant switching from standby OSU to operation system OSU in the PON system which concerns on the 5th Embodiment of this invention. It is a figure which shows the other example of the switching information and encryption information which are used when performing redundant switching from the active OSU to the standby OSU in the PON system according to the fifth embodiment of the present invention. It is a figure which shows the other example of the switching information and encryption information which are used when performing redundant switching from standby system OSU to operation system OSU in the PON system which concerns on the 5th Embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

<First Embodiment>
[Configuration and basic operation]
FIG. 1 is a block diagram showing a schematic configuration of a PON system according to the first embodiment of the present invention.

  Referring to FIG. 1, a PON system 301 includes a station-side device 101, N PON lines 1 to N (203-1 to 203-N), which are optical fibers, and N optical couplers 204-1 to 204-1. 204-N and a plurality of home-side devices (ONUs) 202. The station-side device 101 includes optical line units (hereinafter also referred to as OSUs (Optical Subscriber Units)) 1 to N + 1 (12-1 to 12-N + 1), a concentrator 13, an optical switch 14, and station-side devices 101. And an overall control unit 11 that performs overall control. Here, N is an integer of 1 or more. In addition, a direction from the home side device to the host network (hereinafter also referred to as “uplink”) is referred to as an uplink direction, and a direction from the uplink to the home side device is referred to as a downlink direction.

  Here, in the PON system 301, each PON line corresponds to 10G-EPON, which is an EPON that realizes a communication speed of 10 gigabits / second, and the uplink is Ethernet (registered) that realizes a communication speed of 10 gigabits / second. The description will be made on the assumption that it corresponds to the trademark. Further, description will be made on the assumption that ONU registration, withdrawal, bandwidth allocation to the ONU, and bandwidth request from the ONU are performed by the MPCP frame.

  The station apparatus 101 accommodates a plurality of PON lines corresponding to 10G-EPON. One or a plurality of ONUs are connected to one PON line. The station side apparatus 101 multiplexes data from these PON lines to an uplink having one or a plurality of communication lines. Further, the station side apparatus 101 distributes data from the uplink and transmits it to each ONU in each PON line. Further, the station apparatus 101 allocates the upstream band and downstream band of the PON line to each ONU. For example, the upstream optical signal from each ONU to the station apparatus 101 is a burst signal, and the downstream optical signal from the station apparatus 101 to each ONU is a continuous signal. In the PON system 301, an optical signal from each ONU to the station apparatus 101 is time-division multiplexed.

  Specifically, the station apparatus 101 is connected to N PON lines 1 to N, and terminates the N PON lines. The OSU is a structural unit of the station-side device 101 and is realized by, for example, one integrated circuit, and terminates the PON line. Each OSU is provided corresponding to a PON line, and transmits / receives a frame to / from one or more ONUs connected to the corresponding PON line. The PON lines 1 to N are connected to the optical couplers 204-1 to 204-N, respectively, and are connected to the respective ONUs 202 through these optical couplers.

  The station side device 101 has, for example, an N: 1 redundant configuration. That is, among N + 1 OSUs, OSU1 to N are active (current) OSUs, and OSU N + 1 is a standby (reserved) OSU. The station apparatus 101 may include two or more standby OSUs.

  The overall control unit 11 performs switching control for switching the OSU 12 that should transmit / receive a frame to / from the ONU 202 between the active OSU 12 and the standby OSU 12.

  In accordance with an instruction from the overall control unit 11, the optical switch 14 connects N + 1 OSU1 to N + 1 (12-1 to 12-N + 1) and N PON lines 1 to N (3-1 to 3-N). Switch between communication paths.

  The concentrator 13 transmits the uplink frame received from each ONU via the plurality of OSUs to the uplink. Specifically, the concentrator 13 multiplexes uplink frames from OSU 1 to N (12-1 to 12-N + 1) and transmits them to the uplink, and distributes downlink frames received from the uplink to appropriate OSUs. Perform processing.

  FIG. 2 is a diagram showing the configuration of the OSU in the station side apparatus according to the first embodiment of the present invention.

  Referring to FIG. 2, the OSU 12 includes an encryption unit 30, a line concentration IF (Interface) unit 31, a control IF unit 32, a reception processing unit 33, a transmission processing unit 34, a PON transmission / reception unit 35, and a PON control. The unit 36 includes a FIFO 37 that accumulates upstream frames, and a FIFO 38 that accumulates downstream frames.

  In the station apparatus 101, a clock for operating each unit in the OSU 12 is generated. The OSU 12 generates time information, that is, a time stamp according to the timing of this clock, and transmits / receives a frame according to the time stamp. The OSU 12 also includes a time stamp in the control frame and transmits it to each subordinate ONU 202. The ONU 202 operates according to the time stamp, and adjusts its own time stamp based on the time stamp included in the control frame from the OSU 12.

  The PON transmission / reception unit 35 is connected to one optical fiber, which is a PON line, via the optical switch 14 as a master station side starting point of the PON line. The PON transmitter / receiver 35 receives an upstream optical signal of a specific wavelength, for example, a 1310 nm band, and converts it into an electrical signal so that bidirectional communication can be performed with each ONU via the optical fiber, and then converts it into an electrical signal. In addition to outputting, the electrical signal received from the transmission processing unit 34 is converted into a downstream optical signal of another wavelength and transmitted. For example, the PON transmission / reception unit 35 converts a 10 Gbps electrical signal received from the transmission processing unit 34 into a downstream optical signal in the 1570 nm band and transmits the converted signal.

  The reception processing unit 33 reconstructs a frame from the electrical signal received from the PON transmission / reception unit 35 and distributes the frame to the PON control unit 36 or the FIFO 37 according to the type of the frame. Specifically, the data frame is output to the FIFO 37 and the control frame is output to the PON control unit 36.

  Further, the reception processing unit 33 may receive grant information indicating when to receive a frame from which logical link from the transmission processing unit 34 and output a control signal for supporting burst reception to the PON transmission / reception unit 35. Good. Further, the reception processing unit 33 may receive this grant information and filter, that is, discard, a received frame that is not indicated in the grant information.

  The concentrating IF unit 31 outputs the upstream frame received from the FIFO 37 to the concentrating unit 13. When receiving the control frame from the PON control unit 36, the concentration IF unit 31 outputs the control frame to the concentration unit 13 with priority over the frame from the FIFO 37 between the frame sequences from the FIFO 37.

  Further, when receiving the frame from the line concentrator 13, the line concentrator IF 31 outputs it to the FIFO 38 when the frame is a normal data frame, and outputs it to the PON controller 36 when the frame is a control frame. To do.

  The encryption unit 30 encrypts the data frame received from the FIFO 38. The encryption unit 30 outputs the encrypted data frame and the control frame received from the PON control unit 36 to the transmission processing unit 34.

  The transmission processing unit 34 receives the data frame and the control frame output from the encryption unit 30 according to the priority order, and outputs them to the PON transmission / reception unit 35.

  The PON control unit 36 performs station-side processing related to control and management of the PON line such as MPCP and OAM. In other words, by exchanging MPCP messages and OAM messages with each ONU connected to the PON line, including ONU registration, leaving, and uplink access control including bandwidth allocation, downlink access control, and sleep instruction to the ONU Manages ONU operations.

  For example, the PON control unit 36 allocates the upstream bandwidth in the PON line to each ONU 202 based on the upstream bandwidth allocation request in the PON line received from each ONU 202. Specifically, the PON control unit 36 allocates a bandwidth in the PON line to the ONU 202 based on a report frame indicating a bandwidth allocation request in the PON line received from the ONU 202, that is, transmits a gate frame in which a grant is written to the ONU 202. To do. The PON control unit 36 notifies the ONU 202 of the transmission start timing and the transmittable data length to the ONU 202 using the gate frame.

  Based on an instruction from the overall control unit 11, the control IF unit 32 performs settings in the concentrating IF unit 31, the reception processing unit 33, the transmission processing unit 34, and the PON control unit 36, and sets the status of each unit as a whole. Notify the control unit 11. Further, when an abnormality occurs in each of these units, the state of the unit in which the abnormality has occurred is notified to the overall control unit 11 without depending on an instruction from the overall control unit 11. The overall control unit 11 performs redundant switching of the OSU 12 based on such information, for example. Setting and status notification for the PON transceiver 35 are performed via the reception processor 33. The setting and status notification for the encryption unit 30 is performed via the PON control unit 36.

  FIG. 3 is a diagram showing the configuration of the ONU according to the first embodiment of the present invention.

  Referring to FIG. 3, the ONU 202 includes a decoding unit 20, a PON port 21, an optical reception processing unit 22, a buffer memory 23, a transmission processing unit 24, a UNI (User Network Interface) port 25, and a reception process. Unit 26, buffer memory 27, optical transmission processing unit 28, and control unit 29.

  The optical reception processing unit 22 receives the downstream optical signal transmitted from the station side device 101 via the PON port 21, converts it into an electrical signal, reconstructs a frame from the electrical signal, and outputs the frame.

  The decoding unit 20 decodes the data frame received from the optical reception processing unit 22. The decoding unit 20 distributes the frame to the control unit 29 or the transmission processing unit 24 according to the type of frame. Specifically, the decoding unit 20 outputs the decoded data frame to the transmission processing unit 24 via the buffer memory 23, and outputs the control frame received from the optical reception processing unit 22 to the control unit 29.

  The transmission processing unit 24 transmits the data frame received from the decoding unit 20 to a user terminal such as a personal computer (not shown) via the UNI port 25.

  The reception processing unit 26 outputs the data frame received from the user terminal via the UNI port 25 to the optical transmission processing unit 28 via the buffer memory 27.

  The control unit 29 performs home-side processing related to control and management of the PON line such as MPCP and OAM. That is, various controls such as access control are performed by exchanging MPCP messages and OAM messages with the station-side apparatus 101 connected to the PON line. The control unit 29 generates a control frame including various control information and outputs it to the optical transmission processing unit 28 via the buffer memory 27.

  The optical transmission processing unit 28 converts the data frame received from the reception processing unit 26 and the control frame received from the control unit 29 into an optical signal, and transmits the optical signal to the station apparatus 101 via the PON port 21.

  FIG. 4 is a diagram showing configurations of the PON control unit and the encryption unit in the OSU according to the first embodiment of the present invention.

  Referring to FIG. 4, PON control unit 36 includes a frame creation unit 71, a key update unit (encryption key acquisition unit) 72, an SCI creation unit 73, and a switching processing unit 74. The encryption unit 30 includes a frame type identification unit 61, a storage unit 62, an encryptor (encryption unit and communication signal configuration unit) 63, a multiplexer 64, a key selection unit 65, and an SCI selection unit 66.

  Part or all of the units in the PON control unit 36 and the encryption unit 30 are realized by, for example, one integrated circuit as the station-side control unit. This integrated circuit may further include units other than the PON control unit 36 and the encryption unit 30 in the OSU 12. The storage unit 62 may be included in the PON control unit 36, or the storage area may be divided and included in the encryption unit 30 and the PON control unit 36.

  In the encryption unit 30, the storage unit 62 switches the normal encryption key that is an encryption key used before the redundant switching between the active OSU and the standby OSU and the encryption key that should be used after the redundant switching. Store the encryption key. More specifically, the storage unit 62 stores encryption information such as the key management table 70 and SCI (Secure Channel Identifier) for each logical link identifier (LLID).

  In the PON control unit 36, the key update unit 72 acquires in advance a switching encryption key that is an encryption key to be used after redundant switching between the active OSU and the standby OSU. The key update unit 72 acquires an encryption key necessary for encrypted communication with each ONU 202 under its own OSU 12, for example, for each LLID, and stores the acquired encryption key in the storage unit 62. Note that not only one ONU 202 corresponds to one LLID, but one ONU 202 may correspond to a plurality of LLIDs.

  More specifically, the key update unit 72 creates a key management table (key management information) 70 indicating a correspondence relationship between a secure communication identification number (Secure Association Number) and an encryption key such as SAK for each LLID, Save in the storage unit 62.

  Here, the protected communication identification number is, for example, an association number (AN) in Non-Patent Document 2. The association number is 2-bit data, and it is possible to register protected communication corresponding to four different keys for one LLID.

  In the PON system 301, for example, association numbers 0 and 1 are used as protection communication identification numbers for keys that are normally used, and association number 2 is protection corresponding to a key that is used for redundant switching from the active OSU 12 to the standby OSU 12. A communication identification number is used, and association number 3 is a protected communication identification number corresponding to a key used for redundant switching from the standby OSU 12 to the active OSU 12.

  The switching keys for association numbers 2 and 3 are not limited to different keys, and may be the same key.

  Further, the present invention can be applied not only when the key is a unicast key but also when the key is a broadcast key and a multicast key.

  Further, the key is not limited to a configuration in which the key is a fixed key such as PSK (Pre-shared Key), but may be updated periodically, or after use, for example, after redundancy switching. In this case, since the key is difficult to predict, security can be improved.

  The SCI creation unit 73 creates channel information based on the identification information of the own OSU 12 and the identification information of the ONU 202 that is the transmission destination of the frame. For example, the SCI creation unit 73 creates an SCI (Secure Channel Identifier) in Non-Patent Document 2 as channel information.

  The SCI is composed of a system identifier and a port number. Specifically, the system identifier is a MAC (Medium Access Control) address that is not two in the world of the encryption source of the frame, and the port number is a number that is not duplicated in the system, for example, LLID. The SCI creation unit 73 creates an SCI for each LLID and stores it in the storage unit 62.

  Note that the PON system 301 is not limited to a configuration using SCI as channel information, and may be configured to use data that has been subjected to some encoding processing using a MAC address and LLID as channel information, for example.

  The frame creation unit 71 creates and outputs control frames such as MPCP frames such as gate frames, OAM frames, and extended MAC frames.

  In the encryption unit 30, the frame type identification unit 61 confirms the contents of the type field in the frame received from the FIFO 38 and the frame creation unit 71 and determines the frame to be encrypted. Specifically, for example, the frame type identification unit 61 outputs a data frame to the encryptor 63 and outputs a control frame to the multiplexer 64.

  The encryptor 63 encrypts the user data included in the data frame received from the frame type identifying unit 61 using an encryption key and SCI according to a method described in Non-Patent Document 2, for example.

  The multiplexer 64 multiplexes the data frame encrypted by the encryptor 63 and the control frame received from the frame type identification unit 61 and outputs the multiplexed data frame to the transmission processing unit 34.

  In the PON control unit 36, the switching processing unit 74 displays switching control information indicating, for example, the timing of OSU redundancy switching and whether the own OSU 12 is the switching source or the switching destination via the control IF unit 32. Get from. In the switching source OSU 12, the switching control information further includes the MAC address of the switching destination OSU 12. Then, the switching processing unit 74 outputs the switching control information to the key selection unit 65, the SCI selection unit 66, the encryptor 63, and the frame creation unit 71.

  The frame creation unit 71 in the switching source OSU 12 generates a control frame for notifying the MAC address indicated by the switching control information received from the switching processing unit 74 and destined for the ONU 202 communicating with its own OSU 12. The data is output to the type identification unit 61. This control frame is, for example, an extended OAM frame.

  Based on the switching control information received from the switching processing unit 74, the key selection unit 65 in the switching destination OSU 12 selects an association number to be included in the data frame, and selects an encryption key corresponding to the selected association number for key management. Obtained from the table 70, the association number and the encryption key are output to the encryptor 63.

  The SCI selection unit 66 selects an association number to be included in the data frame based on the switching control information received from the switching processing unit 74, acquires the SCI corresponding to the selected association number from the key management table 70, and The association number and the SCI are output to the encryptor 63.

  FIG. 5 is a diagram illustrating an example of a configuration of a downlink data frame in the OSU according to the first embodiment of the present invention.

  Referring to FIG. 5, a downlink data frame includes, for example, a field into which a transmission destination address (DA) is inserted, a field into which a transmission source address (SA) is inserted, a field into which a security tag is inserted, and a user. It includes a field into which encrypted data obtained by encrypting data is inserted, and a field into which ICV (Integrity Check Value) is inserted. The security tag includes, for example, an association number (AN), a packet number (PN), and SCI.

  Referring to FIG. 4 again, encryptor 63 sets the association number received from key selection unit 65 or SCI selection unit 66, the SCI received from SCI selection unit 66, and the like in the security tag, and the packet number in the security tag. Set. In addition, the encryptor 63 encrypts the user data included in the data frame received from the frame type identification unit 61 using the encryption key received from the key selection unit 65 and the SCI received from the SCI selection unit 66.

  The encryptor 63 can select an operation for including the SCI in the data frame and an operation for not including the SCI in the data frame.

  More specifically, referring to FIG. 5 again, the encryptor 63 includes an operation of transmitting a long tag including the SCI as a security tag in addition to the association number (AN) and the packet number (PN), and the SCI. It is possible to perform an operation of transmitting a short tag as a security tag.

  FIG. 6 is a diagram showing a configuration of a control unit and a decoding unit in the ONU according to the first embodiment of the present invention.

  Referring to FIG. 6, decryption unit 20 includes decryption unit (decryption unit) 51, storage unit 52, SCI selection unit 53, key selection unit 54, and association number extraction unit (protected communication identification number extraction unit). ) 55 and a frame type identification unit 57. The control unit 29 includes a key update unit (decryption key acquisition unit) 81, an SCI creation unit (channel information update unit) 82, a switching processing unit (switch detection unit) 83, a MAC address update unit 84, a control frame And a processing unit 85.

  A part or all of the units in the control unit 29 and the decoding unit 20 are realized by, for example, one integrated circuit as a home-side control unit. This integrated circuit may further include units other than the control unit 29 and the decoding unit 20 in the ONU 202. The storage unit 52 may be included in the control unit 29, or the storage area may be divided and included in the control unit 29 and the decoding unit 20.

  In the decryption unit 20, the storage unit 52 is a normal decryption key that is a decryption key used before redundant switching between the active OSU and the standby OSU, and a switching key that is a decryption key to be used after the redundant switch. Store the decryption key. For example, the storage unit 52 stores a switching decryption key to be used after switching from the active OSU to the standby OSU, and a switching decryption key to be used after switching from the standby OSU to the active OSU. . More specifically, the storage unit 52 stores encryption information such as a key management table 60, a port number, and a switching destination MAC address.

  In the control unit 29, the key update unit 81 acquires in advance a switching decryption key that is a decryption key to be used after redundant switching between the active OSU and the standby OSU. The key update unit 81 acquires a decryption key necessary for encrypted communication with the OSU 12 and stores the acquired decryption key in the storage unit 52.

  The SCI creation unit 82 creates channel information based on the identification information of its own ONU 202 and the identification information of the OSU 12 that is the encryption source of the frame. For example, the SCI creation unit 82 creates an SCI (Secure Channel Identifier) in Non-Patent Document 2 as channel information and stores it in the storage unit 52. In this case, as described above, the identification information of the own ONU 202 is the LLID, and the identification information of the OSU 12 that is the encryption source of the frame is the MAC address.

  The key update unit 81 and the SCI creation unit 82 create a key management table (key management information) 60 indicating the correspondence between the protected communication identification number, the decryption key such as SAK, and the SCI, and store the key management table 60 in the storage unit 52. . For example, the SCI used before the redundant switching between the active OSU and the standby OSU and the SCI to be used after the redundant switching are registered in the key management table 60.

  In the decoding unit 20, the frame type identification unit 57 confirms the contents of the type field in the frame received from the optical reception processing unit 22 and determines the frame to be decoded. Specifically, for example, the frame type identification unit 57 outputs a data frame to the decoder 51 and outputs a control frame to the control unit 29.

  The decryptor 51 decrypts the user data included in the data frame received from the frame type identification unit 57 using the decryption key and the SCI, for example, according to the method described in Non-Patent Document 2, and outputs the decrypted data to the buffer memory 23. .

  More specifically, the decryptor 51 refers to the key management table 60 by the key selection unit 54 to obtain a decryption key corresponding to the protected communication identification number extracted by the association number extraction unit 55. The decrypted key is used for decrypting the data frame.

  More specifically, the association number extraction unit 55 extracts the association number included in the data frame received from the frame type identification unit 57 and outputs the extracted association number to the SCI selection unit 53 and the key selection unit 54. In addition, the association number extraction unit 55 detects a change in the association number in the security tag of the data frame and notifies the switching processing unit 83 of the detection result.

  The key selection unit 54 acquires the decryption key corresponding to the association number received from the association number extraction unit 55 from the key management table 60, and outputs the association number and the decryption key to the decoder 51.

  The SCI selection unit 53 acquires the SCI corresponding to the association number received from the association number extraction unit 55 from the key management table 60, and outputs the association number and the SCI to the decoder 51.

  The decoder 51 uses the decryption key received from the key selection unit 54 and the SCI received from the SCI selection unit 53 to decode the user data included in the data frame received from the frame type identification unit 57, and the buffer memory 23. Output to.

  In the control unit 29, the control frame processing unit 85 analyzes the control frame received from the frame type identification unit 57, and performs various controls such as access control based on the analysis result.

  When the MAC address update unit 84 receives a notification of the MAC address of the switching destination OSU 12 from the OSU 12 communicating with its own ONU 202 via the control frame processing unit 85, the MAC address in the storage unit 52 is notified of the MAC address notified. Rewrite to

  The switching processing unit 83 detects OSU redundancy switching by various methods. For example, the switching processing unit 83 detects OSU redundancy switching based on information received from the control frame processing unit 85 or the optical reception processing unit 22.

  Specifically, the optical reception processing unit 22 notifies the switching processing unit 83 of a loss of signal (LoS), that is, when the ONU 202 cannot detect a downstream optical signal transmitted from the station side device 101 for a predetermined time or more. To do. The switching processing unit 83 receives this notification and determines that OSU redundancy switching has occurred. That is, the switching processing unit 83 detects the interruption of the downstream optical signal from the station side device 101 as the occurrence of redundant switching.

  The switching processing unit 83 detects the occurrence of redundant switching based on the difference between the time stamp from the OSU 12 and the time stamp of its own ONU 202.

  More specifically, the control frame processing unit 85 monitors the time stamp value of the MPCP frame received from the OSU 12, and if the difference between the time stamp value and the time stamp value of its own ONU 202 exceeds a predetermined threshold value, The switching processor 83 is notified that time stamp drift has occurred. The switching processing unit 83 receives a notification that a time stamp drift has occurred from the control frame processing unit 85, and determines that OSU redundancy switching has occurred.

  Further, the MAC address of the transmitting MAC device, that is, the OSU 12 is stored in the transmission source address field of the downstream frame transmitted by the OSU 12. Since different MAC devices cannot use the same MAC address, the value of the source address field changes before and after OSU redundancy switching.

  Therefore, the switching processing unit 83 detects a change in the transmission source address of the frame from the station side apparatus 101 as the occurrence of OSU redundancy switching.

  More specifically, when receiving a notification from the control frame processing unit 85 that the transmission source address of the PON control frame has changed, the switching processing unit 83 determines that OSU redundancy switching has occurred.

  Thereby, even when LoS cannot be detected, or even when the time stamp deviation between frames is small before and after redundancy switching, the switching processing unit 83 can detect the occurrence of OSU redundancy switching.

  Based on the detection result of the OSU redundancy switching and the detection result of the association number extraction unit 55, the switching processing unit 83 determines whether or not to use the switching decryption key in the data frame decryption. Specifically, for example, when the OSU redundancy switching is not detected, the switching processing unit 83 changes the association number in the security tag of the data frame received from the OSU 12 to 2 or 3 corresponding to the OSU redundancy switching. If it is, it is determined that the state is abnormal.

  The ONU 202 can change the decryption key to be used after the redundancy switching by detecting the change of the association number in the security tag of the data frame even when the redundancy switching cannot be detected. For this reason, the ONU 202 does not need to have a configuration for detecting the switching processing unit 83 and redundant switching.

[Operation]
Next, redundant switching processing in the PON system according to the first embodiment of the present invention will be described with reference to the drawings. Hereinafter, in the PON system 301, a case where the encryption key used by the OSU 12 and the decryption key used by the ONU 202 are a common key will be described.

  FIG. 7 is a flowchart showing an operation procedure when performing redundant switching from the active OSU to the standby OSU in the PON system according to the first embodiment of the present invention.

  Referring to FIG. 7, before the redundant switching from the active OSU to the standby OSU, the ONU 202 and the active OSU perform communication by encrypting and decrypting the data frame using the normal key (step). S1).

  Next, the ONU 202 and the standby OSU acquire a switching key to be used after redundant switching from the active OSU to the standby OSU, and register it in each storage unit in advance.

  Specifically, for example, the ONU 202 and the active OSU perform a sharing process of encryption information such as a key used after redundant switching from the active OSU to the standby OSU during the communication, thereby switching the key. To get. For example, the ONU 202 and the active OSU acquire encryption information such as a key by a procedure according to IEEE 802.1X (registered trademark) -2010. Then, the active OSU notifies the standby OSU of the switching key during the communication (steps S2 and S3). Alternatively, for example, before starting the ONU 202 and each OSU 12, a communication carrier or the like may register a switching key in advance.

  Next, the active OSU notifies the ONU 202 of the MAC address of the standby OSU to be switched to, for example, in an extended OAM message (step S4).

  Next, the ONU 202 creates a switching SCI to be used after redundant switching from the active OSU to the standby OSU based on the MAC address of the standby OSU notified from the active OSU and its own LLID. Then, the ONU 202 registers the created switching SCI in its own storage unit (step S5).

  Next, when redundant switching from the active OSU to the standby OSU occurs (step S6), the active OSU notifies the standby OSU of switching information including the LLID of the ONU 202 that is communicating with itself. Note that the active OSU may notify the standby OSU of the switching information before redundant switching occurs (step S7).

  Next, the standby OSU creates an SCI used for encryption in communication with the ONU 202 based on the LLID of the ONU 202 notified from the active OSU and its own MAC address. Then, the standby OSU registers the created SCI in its own storage unit (step S8).

  Next, the standby OSU encrypts the data frame using the switching key registered in advance and the created SCI. The standby OSU sets the association number to the association number 2 for switching in the security tag of the data frame. Further, the standby OSU starts from 1 and increments the packet number in the security tag with the switching from the normal key to the switching key (step S9).

  Next, when the standby OSU changes from a switching key to a new key because the packet number has exceeded a predetermined threshold value, the standby OSU uses a normal 0 or an association number corresponding to the new key. 1 is used. The standby OSU continues to use the SCI created in step S8 (step S10).

  The standby OSU transmits the encrypted data frame to the ONU 202 (step S11).

  Next, the ONU 202 receives a data frame from the standby OSU, and detects that the association number in the security tag of the data frame transmitted from the station side device 101 has changed to the association number for switching (step S12). .

  Next, the ONU 202 decodes the data frame received from the standby OSU using the switching key and the switching SCI registered in advance (step S13).

  Next, when the ONU 202 changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal number 0 or 1 is used as the association number corresponding to the new key. use. The ONU 202 continues to use the switching SCI as the normal SCI (step S14).

  As described above, in the PON system 301, the OSU 12 and the ONU 202 should use the encryption key for switching and the decryption key for switching that are the encryption keys to be used after the redundant switching between the active OSU and the standby OSU. Each key is acquired in advance. Further, the ONU 202 acquires in advance channel information to be used after redundancy switching between the active OSU and the standby OSU, such as SCI.

  Further, for example, the OSU 12 and the ONU 202 associate a protected communication identification number such as an association number with an encryption key and a decryption key, respectively.

  When redundant switching between the active OSU and the standby OSU is performed, the switching destination OSU 12 transmits to the ONU 202 a data frame including a protected communication identification number corresponding to the switching encryption key.

  The ONU 202 extracts the protected communication identification number included in the data frame received from the OSU 12, and uses the switching decryption key, which is a decryption key corresponding to the extracted protected communication identification number, for decrypting the data frame.

  FIG. 8 is a flowchart showing an operation procedure when performing redundant switching from the standby OSU to the active OSU in the PON system according to the first embodiment of the present invention.

  Referring to FIG. 8, before redundant switching from standby OSU to active OSU, ONU 202 and standby OSU perform communication by encrypting and decrypting data frames using normal keys (steps). S21).

  Next, the ONU 202 and the active OSU acquire a switching key to be used after redundant switching from the standby OSU to the active OSU, and register it in each storage unit in advance (steps S22 and S23).

  Specifically, for example, the ONU 202 and the standby OSU perform a sharing process of encryption information such as a key used after redundant switching from the active OSU to the standby OSU during the communication, thereby switching the key. To get. For example, the ONU 202 and the standby OSU acquire encryption information such as a key by a procedure according to IEEE 802.1X (registered trademark) -2010. Then, the standby OSU notifies the operating OSU of the switching key during the communication (steps S22 and S23). Alternatively, for example, before starting the ONU 202 and each OSU 12, a communication carrier or the like may register a switching key in advance.

  Next, the standby OSU notifies the ONU 202 of the MAC address of the switching-destination active OSU, for example, in an extended OAM message (step S24).

  Next, the ONU 202 creates a switching SCI to be used after redundant switching from the standby OSU to the active OSU based on the MAC address of the active OSU notified from the standby OSU and its own LLID. Then, the ONU 202 registers the created switching SCI in its own storage unit (step S25).

  Next, when redundant switching from the standby OSU to the active OSU occurs (step S26), the standby OSU notifies the active OSU of switching information including the LLID of the ONU 202 that is communicating with itself. Note that the standby OSU may notify the switching OSU of the switching information before the redundant switching occurs (step S27).

  Next, the active OSU creates SCI used for encryption in communication with the ONU 202 based on the LLID of the ONU 202 notified from the standby OSU and its own MAC address. Then, the active OSU registers the created SCI in its own storage unit (step S28).

  Next, the active OSU encrypts the data frame using the switching key registered in advance and the created SCI. Further, the active OSU sets the association number to the association number 3 for switching in the security tag of the data frame. Further, the active OSU starts from 1 and increments the packet number in the security tag with the switching from the normal key to the switching key (step S29).

  Next, when the operating OSU changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal OS 0 or 0 is used as the association number corresponding to the new key. 1 is used. Further, the active OSU continues to use the SCI created in step S28 (step S30).

  In addition, the active OSU transmits the encrypted data frame to the ONU 202 (step S31).

  Next, the ONU 202 receives the data frame from the active OSU, and detects that the association number in the security tag of the data frame transmitted from the station side device 101 has changed to the association number for switching (step S32). .

  Next, the ONU 202 decodes the data frame received from the operational OSU using the switching key and switching SCI registered in advance (step S33).

  Next, when the ONU 202 changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal number 0 or 1 is used as the association number corresponding to the new key. use. The ONU 202 continues to use the switching SCI as the normal SCI (step S34).

  As described with reference to FIGS. 7 and 8, in the PON system 301, the standby OSU acquires in advance a switching encryption key to be used after switching from the active OSU to itself. The active OSU acquires in advance a switching encryption key to be used after switching from the standby OSU to itself. Then, the ONU 202 acquires in advance decryption keys corresponding to both of these switching encryption keys.

  FIG. 9 is a diagram showing switching information and encryption information used when performing redundant switching from the active OSU to the standby OSU in the PON system according to the first embodiment of the present invention.

  Referring to FIG. 9, in this PON system 301, for example, key x and key y are used as normal keys for association number 0 and association number 1, respectively, and used for redundant switching from the active OSU to the standby OSU. The key a is used as a switching key to be used, and the key b is used as a switching key used at the time of redundant switching from the standby OSU to the active OSU.

  Further, here, the port number, that is, the LLID of the ONU 202 is i, the MAC address of the active OSU is c, and the MAC address of the standby OSU is d.

  First, before redundant switching from the active OSU to the standby OSU, the ONU 202 and the active OSU perform communication by encrypting and decrypting data frames using the normal keys x and y and the SCIf. More specifically, when the packet number reaches a predetermined value, the active OSU switches the normal key, resets the packet number in the security tag to 1, and changes the association number. Specifically, the active OSU starts using the normal key y when the packet number reaches a predetermined value in a state where the normal key x with the association number 0 is used, for example. Then, the active OSU resets the packet number in the security tag to 1, and changes the association number from 0 to 1 (step S231).

  Next, the ONU 202 and the standby OSU register the association key 2 switching key a in the key management tables 60 and 70 as switching keys to be used after the redundant switching from the active OSU to the standby OSU, respectively. . A specific acquisition method is the same as that described in FIG. 7 (steps S232 and S233).

  Next, the active OSU notifies the ONU 202 of the MAC address d of the switching-destination standby OSU in, for example, an extended OAM message. The ONU 202 registers the MAC address d notified from the active OSU (step S234).

  Next, the ONU 202 creates an SCIg for switching to be used after redundant switching from the active OSU to the standby OSU based on the MAC address d of the standby OSU notified from the active OSU and its own LLIDi. . Then, the ONU 202 registers the created switching SCIg in association with the association number 2 in the key management table 60 (step S235).

  Next, when redundant switching from the active OSU to the standby OSU occurs (step S236), the active OSU notifies the standby OSU of switching information including the LLIDi of the ONU 202 that is communicating with itself. The active OSU may notify the standby OSU of the switching information before the redundant switching occurs (step S237).

  Next, the standby OSU creates SCIg used for encryption in communication with the ONU 202 based on the LLIDi of the ONU 202 notified from the active OSU and its own MAC address d. Then, the standby OSU registers the created SCIg in its own storage unit (step S238).

  Next, the standby OSU encrypts the data frame using the switching key a registered in advance and the created SCIg. The standby OSU sets the association number to the association number 2 for switching in the security tag of the data frame. Further, the standby OSU starts the packet number in the security tag from 1 and increments with the switching from the normal key to the switching key. Then, the standby OSU transmits the encrypted data frame to the ONU 202 (step S239).

  Next, the ONU 202 receives a data frame from the standby OSU, and detects that the association number in the security tag of the data frame transmitted from the station side apparatus 101 has changed to the association number 2 for switching. Then, the ONU 202 decodes the data frame received from the standby OSU using the switching key a and the switching SCIg registered in advance.

  FIG. 10 is a diagram showing switching information and encryption information used when performing redundant switching from the standby OSU to the active OSU in the PON system according to the first embodiment of the present invention.

  Referring to FIG. 10, in this PON system 301, for example, key x and key y are used as normal keys for association number 0 and association number 1, respectively, and used for redundant switching from the active OSU to the standby OSU. The key a is used as a switching key to be used, and the key b is used as a switching key used at the time of redundant switching from the standby OSU to the active OSU.

  Further, here, the port number, that is, the LLID of the ONU 202 is i, the MAC address of the active OSU is e, and the MAC address of the standby OSU is d.

  First, before redundant switching from the standby OSU to the active OSU, the ONU 202 and the standby OSU perform communication by encrypting and decrypting data frames using the normal keys x and y and SCIg. More specifically, when the packet number reaches a predetermined value, the standby OSU switches the normal key, resets the packet number in the security tag to 1, and changes the association number. Specifically, the standby OSU starts using the normal key y when the packet number reaches a predetermined value in the state where the normal key x with the association number 0 is used, for example. Then, the standby OSU resets the packet number in the security tag to 1, and changes the association number from 0 to 1 (step S251).

  Next, the ONU 202 and the active OSU register the switching key b with the association number 3 in the key management tables 60 and 70 as switching keys to be used after the redundant switching from the standby OSU to the active OSU, respectively. . A specific acquisition method is the same as that described in FIG. 8 (steps S252 and S253).

  Next, the standby OSU notifies the ONU 202 of the MAC address e of the switching-destination active OSU, for example, in an extended OAM message. The ONU 202 registers the MAC address e notified from the standby OSU (step S254).

  Next, the ONU 202 creates SCIh for switching to be used after redundant switching from the standby OSU to the active OSU based on the MAC address e of the active OSU notified from the standby OSU and its own LLIDi. . Then, the ONU 202 registers the created switching SCIh in association with the association number 3 in the key management table 60 (step S255).

  Next, when redundant switching from the standby OSU to the active OSU occurs (step S256), the standby OSU notifies the active OSU of switching information including the LLIDi of the ONU 202 that is communicating with itself. Note that the standby OSU may notify the switching OSU of the switching information before the redundant switching occurs (step S257).

  Next, the active OSU creates SCIh used for encryption in communication with the ONU 202 based on the LLIDi of the ONU 202 notified from the standby OSU and its own MAC address e. Then, the active OSU registers the created SCIh in its own storage unit (step S258).

  Next, the active OSU encrypts the data frame using the switching key b registered in advance and the created SCIh. Further, the active OSU sets the association number to the association number 3 for switching in the security tag of the data frame. Further, the operational OSU starts from 1 and increments the packet number in the security tag with the switching from the normal key to the switching key. Then, the operational OSU transmits the encrypted data frame to the ONU 202 (step S259).

  Next, the ONU 202 receives the data frame from the active OSU, and detects that the association number in the security tag of the data frame transmitted from the station side device 101 has changed to the association number 3 for switching. Then, the ONU 202 decrypts the data frame received from the active OSU using the switching key b and the switching SCIh registered in advance.

  By the way, when performing redundant switching from the active OSU to the standby OSU, for example, the ONU communicating with the active OSU newly communicates with the standby OSU in accordance with a predetermined procedure, thereby Encryption information such as keys used for encryption and decryption must be shared with the standby OSU. For this reason, the communication stop time of the PON system due to redundant switching becomes long.

  On the other hand, in the communication system according to the first embodiment of the present invention, the OSU 12 and the ONU 202 are used for switching encryption that is an encryption key to be used after redundant switching between the active OSU and the standby OSU. A switching decryption key that is a key and a decryption key is acquired in advance. That is, in the home-side control unit according to the first embodiment of the present invention, the key update unit 81 in the control unit 29 is a decryption key to be used after redundant switching between the active OSU and the standby OSU. The decryption key for use is acquired in advance. In the station side control unit according to the first embodiment of the present invention, the key update unit 72 in the PON control unit 36 is an encryption key to be used after redundant switching between the active OSU and the standby OSU. A switching encryption key is acquired in advance.

  That is, the OSU 12 and the ONU 202 respectively obtain in advance a switching encryption key that is an encryption key and a switching decryption key that is a decryption key that should be used after redundant switching between the active OSU and the standby OSU. After the redundancy switching, the OSU 12 transmits a communication signal, for example, a frame encrypted using the acquired switching encryption key to the ONU 202. Then, the ONU 202 decrypts the encrypted frame received from the OSU 12 using the acquired switching decryption key.

  As described above, the key to be used after the redundancy switching is acquired in advance before the redundancy switching, so that the ONU 202 can continuously decode the frame before and after the redundancy switching, thereby reducing the communication stop time associated with the redundancy switching. Therefore, stable and high communication quality can be provided.

  In addition, since the key can be changed before and after the redundant switching, it is not necessary to transfer information such as the packet number of the frame between the switching source OSU and the switching destination OSU. Realized and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved.

  Therefore, in the communication system, the home-side control unit, and the station-side control unit according to the first embodiment of the present invention, a security function between the station-side device and the home-side device is realized and redundant switching in the station-side device is performed. On the other hand, an increase in communication stop time between the station side device and the home side device can be suppressed, and a highly reliable communication system can be provided.

  In the communication system according to the first embodiment of the present invention, the standby OSU acquires in advance a switching encryption key to be used after switching from the active OSU to itself. The active OSU acquires in advance a switching encryption key to be used after switching from the standby OSU to itself. Then, the ONU 202 acquires in advance decryption keys corresponding to both of these switching encryption keys.

  With such a configuration, different keys can be used for redundant switching from the active OSU to the standby OSU and redundant switching from the standby OSU to the active OSU, thereby further improving security. be able to.

  In the communication system according to the first embodiment of the present invention, the OSU 12 and the ONU 202 associate the protection communication identification number with the encryption key and the decryption key, respectively. When redundant switching between the active OSU and the standby OSU is performed, the switching destination OSU 12 transmits a frame including the protected communication identification number corresponding to the switching encryption key to the ONU 202. Then, the ONU 202 extracts the protected communication identification number included in the frame received from the OSU 12, and uses the switching decryption key, which is a decryption key corresponding to the extracted protected communication identification number, for decrypting the frame.

  With such a configuration, the ONU 202 does not notify the ONU 202 of occurrence of redundant switching, or the ONU 202 does not detect redundant switching between the active OSU and the standby OSU, and the ONU 202 performs switching at an appropriate timing. By changing to the decryption key, the frame can be continuously decrypted before and after the redundancy switching.

  Further, in the communication system according to the first embodiment of the present invention, the ONU 202 acquires in advance channel information such as SCI to be used after redundant switching between the active OSU and the standby OSU.

  With such a configuration, even when the SCI is used for encryption in addition to the key, the ONU 202 can continuously decode the frame before and after the redundancy switching, so that the communication stop time in the communication system can be shortened. Stable and high communication quality can be provided.

  In the communication system according to the first embodiment of the present invention, the ONU 202 detects the occurrence of redundant switching based on the difference between the time information from the OSU 12 and its own time information.

  With such a configuration, even when the SCI is not included in the frame, the redundant switching of the OSU 12 can be detected with a simple process.

  Further, in the communication system according to the first embodiment of the present invention, the ONU 202 detects the interruption of the frame from the OSU 12 or the change of the identification information of the encryption source included in the frame from the OSU 12 as the occurrence of redundant switching. To do.

  With such a configuration, even when the SCI is not included in the frame, the redundant switching of the OSU 12 can be detected with a simple process.

  In the home-side control unit according to the first embodiment of the present invention, the storage unit 52 includes a normal decryption key that is a decryption key used before redundant switching between the active OSU and the standby OSU, The switching decryption key that is the decryption key to be used after the redundant switching is stored.

  Further, in the station side control unit according to the first embodiment of the present invention, the storage unit 62 is a normal encryption key that is an encryption key used before redundant switching between the active OSU and the standby OSU, And a switching encryption key that is an encryption key to be used after the redundancy switching.

  With such a configuration, since the key to be used after the redundancy switching can be acquired in advance before the redundancy switching, the ONU 202 can continuously decode the frame before and after the redundancy switching. Thereby, the communication stop time accompanying redundancy switching can be shortened, and stable and high communication quality can be provided.

  In addition, since the key can be changed before and after the redundant switching, it is not necessary to transfer information such as the packet number of the frame between the switching source OSU and the switching destination OSU. Realized and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved.

  Therefore, in the home-side control unit and the station-side control unit according to the first embodiment of the present invention, while realizing the security function between the station-side device and the home-side device, for redundant switching in the station-side device, An increase in communication stop time between the station side device and the home side device can be suppressed, and a highly reliable communication system can be provided.

  Next, another embodiment of the present invention will be described with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

<Second Embodiment>
The present embodiment relates to a PON system that performs redundancy switching detection and SCI update processing using frame transmission source information as compared to the PON system according to the first embodiment. The contents other than those described below are the same as those of the PON system according to the first embodiment.

  In the PON system according to the second embodiment of the present invention, the ONU 202 monitors transmission source identification information, for example, a MAC address, included in the control frame from the OSU 12, and if the identification information changes, the identification after the change is performed. Based on the information, channel information such as SCI is updated.

  FIG. 11 is a diagram illustrating configurations of a control unit and a decoding unit in the ONU according to the second embodiment of the present invention.

  Referring to FIG. 11, storage unit 52 has a common SCI storage area for association numbers 0 to 3 in key management table 60 as compared to the storage unit according to the first embodiment of the present invention. It is different in point.

  For example, the control frame processing unit 85 monitors the transmission source MAC address of the control frame, and when the transmission source MAC address changes, notifies the SCI creation unit 82 and the switching processing unit 83 to that effect. The address is notified to the MAC address update unit 84.

  When receiving the notification of the transmission source MAC address from the control frame processing unit 85, the MAC address updating unit 84 rewrites the MAC address in the storage unit 52 to the notified MAC address.

  When the MAC address changes as a result of monitoring the transmission source MAC address included in the control frame from the OSU 12 by the control frame processing unit 85, the SCI creation unit 82 updates the SCI based on the changed MAC address.

  More specifically, when the SCI creation unit 82 receives the above notification from the control frame processing unit 85 and the MAC address in the storage unit 52 is updated, the SCI creation unit 82 is based on the updated MAC address and the LLID of its own ONU 202. A new SCI is created, and the SCI in the key management table 60 is rewritten with the newly created SCI.

  Upon receiving the notification from the control frame processing unit 85, the switching processing unit 83 determines that OSU redundancy switching has occurred.

  FIG. 12 is a flowchart showing an operation procedure when performing redundant switching from the active OSU to the standby OSU in the PON system according to the second embodiment of the present invention.

  12, operations in steps S71 to S73 and S76 to S77 are similar to the operations in steps S1 to S3 and S6 to S7 in the flowchart shown in FIG. 7, and thus detailed description thereof will not be repeated here.

  Next, the standby OSU generates a control frame using the switching information notified from the active OSU and transmits it to the ONU 202 (step S78).

  Next, the ONU 202 receives the control frame from the standby OSU, and confirms that the transmission source address of the control frame transmitted from the station side apparatus 101 has changed from the MAC address of the active OSU to the MAC address of the standby OSU. Detection is performed (step S79).

  Next, the ONU 202 newly creates an SCI based on the detected MAC address of the standby OSU and its own LLID, and registers it in its own storage unit. That is, in this example, since the SCI only needs to be updated, it is not necessary to secure a storage area for the switching SCI in the storage unit of the ONU 202 (step S80).

  Next, the standby OSU creates an SCI used for encryption in communication with the ONU 202 based on the LLID of the ONU 202 notified from the active OSU and its own MAC address. Then, the standby OSU registers the created SCI in its own storage unit (step S81).

  Next, the standby OSU encrypts the data frame using the switching key registered in advance and the created SCI. The standby OSU sets the association number to the association number 2 for switching in the security tag of the data frame. Further, the standby OSU starts from 1 and increments the packet number in the security tag with the switching from the normal key to the switching key (step S82).

  Next, when the standby OSU changes from a switching key to a new key because the packet number has exceeded a predetermined threshold value, the standby OSU uses a normal 0 or an association number corresponding to the new key. 1 is used. The standby OSU continues to use the SCI created in step S81 (step S83).

  The standby OSU transmits the encrypted data frame to the ONU 202 (step S84).

  Next, the ONU 202 uses the switching key registered in advance and the updated SCI to decode the data frame received from the standby OSU (step S85).

  Next, when the ONU 202 changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal number 0 or 1 is used as the association number corresponding to the new key. Used (step S86).

  FIG. 13 is a flowchart showing an operation procedure when performing redundant switching from the standby OSU to the active OSU in the PON system according to the second embodiment of the present invention.

  Referring to FIG. 13, operations in steps S91 to S93 and S96 to S97 are the same as the operations in steps S21 to S23 and S26 to S27 in the flowchart shown in FIG. 8, and thus detailed description will not be repeated here.

  Next, the active OSU generates a control frame using the switching information notified from the standby OSU and transmits it to the ONU 202 (step S98).

  Next, the ONU 202 receives the control frame from the active OSU, and confirms that the transmission source address of the control frame transmitted from the station side apparatus 101 has changed from the MAC address of the standby OSU to the MAC address of the active OSU. Detection is performed (step S99).

  Next, the ONU 202 newly creates an SCI based on the detected MAC address of the active OSU and its own LLID, and registers it in its own storage unit. That is, in this example, since the SCI only needs to be updated, it is not necessary to secure a storage area for the switching SCI in the storage unit of the ONU 202 (step S100).

  Next, the active OSU creates SCI used for encryption in communication with the ONU 202 based on the LLID of the ONU 202 notified from the standby OSU and its own MAC address. Then, the active OSU registers the created SCI in its own storage unit (step S101).

  Next, the active OSU encrypts the data frame using the switching key registered in advance and the created SCI. Further, the active OSU sets the association number to the association number 3 for switching in the security tag of the data frame. Further, the active OSU starts from 1 and increments the packet number in the security tag with the switching from the normal key to the switching key (step S102).

  Next, when the operating OSU changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal OS 0 or 0 is used as the association number corresponding to the new key. 1 is used. Further, the active OSU continues to use the SCI created in step S101 (step S103).

  In addition, the active OSU transmits the encrypted data frame to the ONU 202 (step S104).

  Next, the ONU 202 decrypts the data frame received from the active OSU using the switching key registered in advance and the updated SCI (step S105).

  Next, when the ONU 202 changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal number 0 or 1 is used as the association number corresponding to the new key. Used (step S106).

  As described above, in the communication system according to the second embodiment of the present invention, the ONU 202 monitors the control signal from the OSU 12, such as the transmission source identification information included in the control frame, such as the MAC address, and the identification information changes. In this case, the channel information such as SCI is updated based on the changed identification information.

  With this configuration, the ONU 202 can acquire the SCI to be used after redundant switching without notifying the ONU 202 of the MAC address of the switching destination OSU 12 from the switching source OSU 12. Further, even when the security tag of the data frame does not include SCI, it is possible to perform encryption and decryption using a new SCI after redundancy switching, thereby preventing communication suspension due to SCI.

  Since other configurations and operations are the same as those of the PON system according to the first embodiment, detailed description thereof will not be repeated here.

  Next, another embodiment of the present invention will be described with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

<Third Embodiment>
The present embodiment relates to a PON system in which the ONU detects switching of the security tag type as compared to the PON system according to the first embodiment. The contents other than those described below are the same as those of the PON system according to the first embodiment.

  In the PON system according to the third embodiment of the present invention, the OSU 12 determines the state in which the data frame not including the SCI is transmitted to the ONU 202 and the SCI according to the timing when the redundant switching between the active OSU and the standby OSU is performed. The transition between the states in which the data frame including is transmitted to the ONU 202 is executed.

  The ONU 202 detects a transition between a state not including the SCI and a state including the SCI in the data frame received from the OSU 12 as occurrence of redundant switching.

  Further, for example, after the OSU 12 performs the transition from the state in which the data frame not including the SCI is transmitted to the ONU 202 to the state in which the data frame including the SCI is transmitted to the ONU 202, the data frame that does not include the SCI is The transition to the state sent to is executed.

  Further, when the OSU 12 performs a transition between a state in which a data frame not including the SCI is transmitted to the ONU 202 and a state in which a data frame including the SCI is transmitted to the ONU 202, the OSU 12 does not have data to be transmitted to the ONU 202. , A data frame including dummy data is transmitted to the ONU 202. In this case, for example, the OSU 12 may broadcast a data frame including dummy data.

  Each operation of the OSU 12 is performed by the encryptor 63 in the encryption unit 30.

  FIG. 14 is a diagram illustrating configurations of a control unit and a decoding unit in the ONU according to the third embodiment of the present invention.

  Referring to FIG. 14, decoding unit 20 further includes a tag change detection unit 58 as compared with the decoding unit according to the first embodiment of the present invention.

  A part or all of the units in the control unit 29 and the decoding unit 20 are realized by, for example, one integrated circuit as a home-side control unit. This integrated circuit may further include units other than the control unit 29 and the decoding unit 20 in the ONU 202. The storage unit 62 may be included in the control unit 29, or the storage area may be divided and included in the control unit 29 and the decoding unit 20.

  The switching processing unit 83 detects a transition between a state that does not include channel information such as SCI and a state that includes channel information in a data frame received from the OSU 12 as occurrence of redundant switching.

  More specifically, the tag change detection unit 58 monitors the security tag of the data frame received from the frame type identification unit 57 and detects switching between the long tag and the short tag. Further, when the tag change detection unit 58 detects switching between the long tag and the short tag, the tag change detection unit 58 notifies the switching processing unit 83 to that effect.

  The switching processing unit 83 receives the notification from the tag change detection unit 58 and determines that OSU redundancy switching has occurred.

  When the switching processing unit 83 detects the occurrence of redundant switching because the data frame received from the OSU 12 has transitioned from the state not including the SCI to the state including the SCI, the decoder 51 detects the occurrence of the redundant switching. The data frame is decoded using the SCI included in the data frame instead of the SCI used before.

  More specifically, when the tag change detection unit 58 detects switching from a short tag to a long tag, the tag change detection unit 58 outputs the long tag to the SCI creation unit 82.

  The SCI creation unit 82 receives the long tag from the tag change detection unit 58 and rewrites the SCI in the key management table 60 to the SCI included in the long tag.

  FIG. 15 is a flowchart showing an operation procedure when performing redundant switching from the active OSU to the standby OSU in the PON system according to the third embodiment of the present invention.

  Referring to FIG. 15, before redundant switching from the active OSU to the standby OSU, the ONU 202 and the active OSU perform communication by encrypting and decrypting the data frame using the normal key. Here, the security tag of the data frame is, for example, a short tag (step S111).

  Next, the ONU 202 and the standby OSU acquire a switching key to be used after the redundant switching from the active OSU to the standby OSU and register it beforehand in each storage unit (steps S112 and S113).

  Next, the active OSU notifies the ONU 202 of the MAC address of the standby OSU that is the switching destination in, for example, an extended OAM message (step S114).

  Next, the ONU 202 creates a switching SCI to be used after redundant switching from the active OSU to the standby OSU based on the MAC address of the standby OSU notified from the active OSU and its own LLID. Then, the ONU 202 registers the created switching SCI in its own storage unit (step S115).

  Next, when the redundant switching from the active OSU to the standby OSU is scheduled, the active OSU switches the security tag from the short tag to the long tag, that is, creates a data frame including the long tag as the security tag. (Step S116).

  Next, the active OSU transmits a data frame including a long tag to the ONU 202 (step S117).

  Next, the ONU 202 receives a data frame from the active OSU and detects that the security tag of the data frame transmitted from the station side device 101 has changed from a short tag to a long tag. Thereby, the ONU 202 detects the occurrence of redundant switching from the active OSU to the standby OSU (step S118).

  Next, when redundant switching from the active OSU to the standby OSU occurs (step S119), the active OSU notifies the standby OSU of switching information including the LLID of the ONU 202 that is communicating with itself. The active OSU may notify the standby OSU of the switching information before the redundant switching occurs (step S120).

  Next, the standby OSU creates an SCI used for encryption in communication with the ONU 202 based on the LLID of the ONU 202 notified from the active OSU and its own MAC address. Then, the standby OSU registers the created SCI in its own storage unit (step S121).

  Next, the standby OSU encrypts the data frame using the switching key registered in advance and the created SCI. Further, the standby OSU sets the security tag of the data frame as a short tag, and sets the association number to the association number 2 for switching in the security tag. Further, the standby OSU starts with the packet number in the security tag from 1 and increments with the switching from the normal key to the switching key (step S122).

  Next, when the standby OSU changes from a switching key to a new key because the packet number has exceeded a predetermined threshold value, the standby OSU uses a normal 0 or an association number corresponding to the new key. 1 is used. The standby OSU continues to use the SCI created in step S121 (step S123).

  Next, the standby OSU transmits the encrypted data frame to the ONU 202 (step S124).

  Next, the ONU 202 receives a data frame from the standby OSU, and detects that the association number in the security tag of the data frame transmitted from the station side device 101 has changed to the association number for switching (step S125). .

  Next, since the ONU 202 has detected redundant switching in advance, it determines that the association number has been changed normally, and uses the switching key and switching SCI registered in advance to use the standby OSU. The data frame received from is decoded (step S126).

  Next, when the ONU 202 changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal number 0 or 1 is used as the association number corresponding to the new key. use. Also, the ONU 202 continues to use the switching SCI as the normal SCI (step S127).

  When the active OSU is transmitting a data frame including a long tag as a security tag in a normal state, if the redundant switching from the active OSU to the standby OSU is planned, the active OSU It may be configured to switch from a tag to a short tag. In this case, the ONU 202 detects that the security tag of the data frame transmitted from the station side device 101 has changed from the long tag to the short tag, and detects the occurrence of redundant switching from the active OSU to the standby OSU.

  FIG. 16 is a flowchart showing another example of an operation procedure when performing redundant switching from the active OSU to the standby OSU in the PON system according to the third embodiment of the present invention.

  When the ONU 202 detects the occurrence of redundant switching because the data frame received from the OSU 12 has transitioned from a state not including the SCI to a state including the SCI, the ONU 202 replaces the SCI used before detecting the occurrence of the redundant switching. In addition, the data frame is decoded using the SCI included in the data frame.

  Specifically, referring to FIG. 16, before the redundancy switching from the active OSU to the standby OSU, the ONU 202 and the active OSU encrypt and decrypt the data frame using the normal key, Communicate. Here, the security tag of the data frame is, for example, a short tag (step S131).

  Next, the ONU 202 and the standby OSU acquire a switching key to be used after redundant switching from the active OSU to the standby OSU, and register it beforehand in each storage unit (steps S132 and S133).

  Next, when redundant switching from the active OSU to the standby OSU occurs (step 134), the active OSU notifies the standby OSU of switching information including the LLID of the ONU 202 that is communicating with itself. Note that the active OSU may notify the standby OSU of the switching information before the redundant switching occurs (step S135).

  Next, the standby OSU creates an SCI used for encryption in communication with the ONU 202 based on the LLID of the ONU 202 notified from the active OSU and its own MAC address. Then, the standby OSU registers the created SCI in its own storage unit (step S136).

  Next, the active OSU transmits a data frame including a long tag as a security tag to the ONU 202 (step S137).

  Next, the ONU 202 receives a data frame from the standby OSU and detects that the security tag of the data frame transmitted from the station side apparatus 101 has changed from the short tag to the long tag. Thereby, the ONU 202 detects the occurrence of redundant switching from the active OSU to the standby OSU (step S138).

  Next, the ONU 202 extracts the SCI from the long tag of the data frame received from the standby OSU, and registers it as a new SCI in its storage unit. That is, in this example, it is only necessary to update the SCI, so that it is not necessary to secure a storage area for the switching SCI in the storage unit of the ONU 202. Even if the LLID information is not included or incorrect in the long tag, the ONU 202 can update the SCI from its own LLID if the MAC address information in the long tag is correct. (Step S139).

  Next, the standby OSU switches the security tag from the long tag to the short tag (step S140).

  Next, the standby OSU encrypts the data frame using the switching key registered in advance and the created SCI. The standby OSU sets the association number to the association number 2 for switching in the short tag of the data frame. Further, the standby OSU starts the packet number in the security tag from 1 and increments with the switching from the normal key to the switching key (step S141).

  Next, when the standby OSU changes from a switching key to a new key because the packet number has exceeded a predetermined threshold value, the standby OSU uses a normal 0 or an association number corresponding to the new key. 1 is used. The standby OSU continues to use the SCI created in step S136 (step S142).

  Next, the standby OSU transmits the encrypted data frame to the ONU 202 (step S143).

  Next, the ONU 202 receives a data frame from the standby OSU, and detects that the association number in the security tag of the data frame transmitted from the station side device 101 has changed to the association number for switching (step S144). .

  Next, since the ONU 202 has detected redundant switching in advance, the ONU 202 determines that the change of the association number is normal, and uses the previously registered switching key and the updated SCI to The data frame received from the OSU is decoded (step S145).

  Next, when the ONU 202 changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal number 0 or 1 is used as the association number corresponding to the new key. Used (step S146).

  As described above, in the communication system according to the third embodiment of the present invention, the OSU 12 transmits a communication signal that does not include channel information, for example, a frame that does not include SCI, to the ONU 202 according to the timing at which redundancy switching is performed. And a transition between states in which a frame containing SCI is transmitted to the ONU 202 is performed. Then, the ONU 202 detects a transition between a state that does not include the SCI and a state that includes the SCI in the frame received from the OSU 12 as occurrence of redundant switching.

  With such a configuration, it is possible to reliably notify the occurrence of redundancy switching from the OSU 12 to the ONU 202 with a simple process.

  Further, in the communication system according to the third embodiment of the present invention, when the ONU 202 detects the occurrence of redundant switching because the frame received from the OSU 12 has transitioned from the state not including the SCI to the state including the SCI, Instead of the SCI used before detecting the occurrence of the redundant switching, the frame is decoded using the SCI included in the frame.

  With such a configuration, the SCI to be used after the redundancy switching can be acquired by a simple process without creating a new SCI in the ONU 202 in accordance with the redundancy switching.

  In the communication system according to the third embodiment of the present invention, the OSU 12 performs a transition from a state in which a frame not including the SCI is transmitted to the ONU 202 to a state in which a frame including the SCI is transmitted to the ONU 202. After that, a transition to a state in which a frame that does not include the SCI is transmitted to the ONU 202 is executed.

  As described above, the configuration in which redundancy switching is notified to the ONU 202 by switching the presence / absence of SCI in the data frame and then the transmission is switched to the transmission of the data frame that does not include the SCI. Can be reduced.

  In the communication system according to the third embodiment of the present invention, the OSU 12 performs a transition between a state in which a frame not including the SCI is transmitted to the ONU 202 and a state in which a frame including the SCI is transmitted to the ONU 202. At this time, if there is no data to be transmitted to the ONU 202, a frame including dummy data is transmitted to the ONU 202.

  With such a configuration, it is possible to reliably notify the redundancy switching to the ONU 202 by switching the presence / absence of SCI in the data frame regardless of the usage status of the communication service.

  In the communication system according to the third embodiment of the present invention, the OSU 12 broadcasts a frame including dummy data.

  As described above, since the data frame including the dummy data is broadcast, it is possible to notify the redundant switching to all the ONUs 202 under the OSU 12 in one frame, thereby reducing the use band and the processing time in the communication system. be able to.

  Since other configurations and operations are the same as those of the PON system according to the first embodiment, detailed description thereof will not be repeated here.

  Next, another embodiment of the present invention will be described with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

<Fourth embodiment>
The present embodiment relates to a PON system in which an ONU detects a change in SCI compared to the PON system according to the first embodiment. The contents other than those described below are the same as those of the PON system according to the first embodiment.

  FIG. 17 is a diagram illustrating configurations of a control unit and a decoding unit in the ONU according to the fourth embodiment of the present invention.

  Referring to FIG. 17, decoding unit 20 further includes an SCI extraction unit 56 as compared with the decoding unit according to the first embodiment of the present invention.

  A part or all of the units in the control unit 29 and the decoding unit 20 are realized by, for example, one integrated circuit as a home-side control unit. This integrated circuit may further include units other than the control unit 29 and the decoding unit 20 in the ONU 202. The storage unit 62 may be included in the control unit 29, or the storage area may be divided and included in the control unit 29 and the decoding unit 20.

  The switching processing unit 83 monitors channel information included in the data frame from the OSU 12 and detects a change in the channel information as occurrence of redundant switching.

  More specifically, the SCI extraction unit 56 extracts the SCI included in the data frame received from the frame type identification unit 57, and notifies the switching processing unit 83 when the extracted SCI is different from the previously extracted SCI. At the same time, the SCI in the storage unit 52 is rewritten to the newly extracted SCI.

  The switching processing unit 83 receives the notification from the SCI extracting unit 56 and determines that OSU redundancy switching has occurred.

  FIG. 18 is a flowchart showing an operation procedure when performing redundant switching from the active OSU to the standby OSU in the PON system according to the fourth embodiment of the present invention.

  Referring to FIG. 18, before the redundant switching from the active OSU to the standby OSU, the ONU 202 and the active OSU perform communication by encrypting and decrypting the data frame using the normal key. Here, the security tag of the data frame is, for example, a long tag (step S151).

  Next, the ONU 202 and the standby OSU acquire a switching key to be used after redundant switching from the active OSU to the standby OSU and register it beforehand in each storage unit (steps S152 and S153).

  Next, when redundant switching from the active OSU to the standby OSU occurs (step S154), the active OSU notifies the standby OSU of switching information including the LLID of the ONU 202 that is communicating with itself. Note that the active OSU may notify the standby OSU of the switching information before redundant switching occurs (step S155).

  Next, the standby OSU creates an SCI used for encryption in communication with the ONU 202 based on the LLID of the ONU 202 notified from the active OSU and its own MAC address. Then, the standby OSU registers the created SCI in its own storage unit (step S156).

  Next, the active OSU transmits a data frame including a long tag as a security tag to the ONU 202 (step S157).

  Next, the ONU 202 receives a data frame from the standby OSU, extracts the SCI from the long tag of the data frame received from the standby OSU, and detects that the SCI in the security tag has changed. Thereby, the ONU 202 detects the occurrence of redundant switching from the active OSU to the standby OSU (step S158).

  Next, the ONU 202 registers the SCI in which the change is detected as a new SCI in its own storage unit. That is, in this example, since the SCI only needs to be updated, it is not necessary to secure a storage area for the switching SCI in the storage unit of the ONU 202 (step S159).

  Next, the standby OSU encrypts the data frame using the switching key registered in advance and the created SCI. The standby OSU sets the association number to the association number 2 for switching in the long tag of the data frame. Further, the standby OSU starts the packet number in the security tag from 1 and increments with the switching from the normal key to the switching key (step S160).

  Next, when the standby OSU changes from a switching key to a new key because the packet number has exceeded a predetermined threshold value, the standby OSU uses a normal 0 or an association number corresponding to the new key. 1 is used. The standby OSU continues to use the SCI created in step S156 (step S161).

  Next, the standby OSU transmits the encrypted data frame to the ONU 202 (step S162).

  Next, the ONU 202 receives a data frame from the standby OSU, and detects that the association number in the security tag of the data frame transmitted from the station side device 101 has changed to the association number for switching (step S163). .

  Next, since the ONU 202 has detected redundant switching in advance, the ONU 202 determines that the change of the association number is normal, and uses the previously registered switching key and the updated SCI to The data frame received from the OSU is decoded (step S164).

  Next, when the ONU 202 changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal number 0 or 1 is used as the association number corresponding to the new key. Used (step S166).

  As described above, in the communication system according to the fourth embodiment of the present invention, the ONU 202 monitors the control signal from the OSU 12, for example, the channel information such as the SCI included in the control frame, and the change of the channel information is generated by the redundant switching. Detect as.

  With such a configuration, it is possible to detect redundant switching of the OSU 12 and to update the SCI at the same time with simple processing without separately monitoring changes in the transmission source address of the frame, etc., so that efficient processing is performed. be able to.

  Since other configurations and operations are the same as those of the PON system according to the first embodiment, detailed description thereof will not be repeated here.

  In the first to fourth embodiments of the present invention, the PON system in which the encryption key used by the OSU 12 and the decryption key used by the ONU 202 are a common key has been described. However, the PON system 301 only needs to have a configuration in which the ONU 202 uses a decryption key corresponding to the encryption key used in the OSU 12. For example, even if the encryption key used by the OSU 12 and the decryption key used by the ONU 202 are different. Good.

  Next, another embodiment of the present invention will be described with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

<Fifth embodiment>
The present embodiment relates to a PON system that copes with upstream encryption as compared to the PON systems according to the first to fourth embodiments. The contents other than those described below are the same as those of the PON system according to the first to fourth embodiments.

  FIG. 19 is a diagram showing the configuration of the OSU in the station side apparatus according to the fifth embodiment of the present invention.

  Referring to FIG. 19, OSU 12 further includes a decoding unit 40 as compared with OSU according to the first embodiment of the present invention. The OSU 12 may be configured without the encryption unit 30.

  The reception processing unit 33 reconstructs a frame from the electrical signal received from the PON transmission / reception unit 35 and distributes the frame to the PON control unit 36 or the decoding unit 40 according to the type of the frame. Specifically, the data frame is output to the decoding unit 40 and the control frame is output to the PON control unit 36.

  The decoding unit 40 decodes the data frame received from the reception processing unit 33 and outputs the data frame to the FIFO 37.

  FIG. 20 is a diagram showing a configuration of an ONU according to the fifth embodiment of the present invention.

  Referring to FIG. 20, ONU 202 further includes an encryption unit 39, as compared to the ONU according to the first embodiment of the present invention. The ONU 202 may be configured without the decoding unit 20.

  The reception processing unit 26 outputs the data frame received from the user terminal via the UNI port 25 to the encryption unit 39 via the buffer memory 27.

  The encryption unit 39 encrypts the data frame received from the reception processing unit 26 and outputs it to the optical transmission processing unit 28.

  The optical transmission processing unit 28 converts the data frame received from the encryption unit 39 and the control frame received from the control unit 29 into an optical signal, and transmits the optical signal to the station apparatus 101 via the PON port 21.

  FIG. 21 is a diagram showing configurations of the PON control unit and the decoding unit in the OSU according to the fifth embodiment of the present invention.

  Referring to FIG. 21, decryption unit 40 includes decryptor (decryption unit) 151, storage unit 162, SCI selection unit 153, key selection unit 154, association number extraction unit (protected communication identification number extraction unit). ) 155. The PON control unit 36 includes a key update unit (decryption key acquisition unit) 181, an SCI creation unit (channel information update unit) 182, and a switching processing unit (switch detection unit) 183.

  Part or all of the units in the PON control unit 36 and the decoding unit 40 are realized by, for example, one integrated circuit as the station-side control unit. This integrated circuit may further include units other than the PON control unit 36 and the decoding unit 40 in the OSU 12. The storage unit 162 may be included in the PON control unit 36, or the storage area may be divided and included in the decoding unit 40 and the PON control unit 36.

  In the decryption unit 40, the storage unit 162 switches a normal decryption key that is a decryption key used before redundant switching between the active OSU and the standby OSU and a decryption key that should be used after the redundant switch. The decryption key is stored. More specifically, the storage unit 162 stores encryption information such as the key management table 170, the MAC address of the ONU 202, and the SCI (Secure Channel Identifier) for each logical link identifier (LLID).

  In the PON control unit 36, the key update unit 181 acquires in advance a switching decryption key that is a decryption key to be used after redundant switching between the active OSU and the standby OSU. The key update unit 181 acquires a decryption key necessary for encrypted communication with each ONU 202 under its own OSU 12, for example, for each LLID, and stores the acquired decryption key in the storage unit 162. Note that not only one ONU 202 corresponds to one LLID, but one ONU 202 may correspond to a plurality of LLIDs.

  More specifically, the key update unit 181 creates a key management table (key management information) 170 indicating a correspondence relationship between a secure communication identification number (Secure Association Number) and a decryption key such as SAK for each LLID, Save in the storage unit 162.

  Here, the protected communication identification number is, for example, an association number (AN) in Non-Patent Document 2. The association number is 2-bit data, and it is possible to register protected communication corresponding to four different keys for one LLID.

  In the PON system 301, for example, association numbers 0 and 1 are used as protection communication identification numbers for keys that are normally used, and association number 2 is protection corresponding to a key that is used for redundant switching from the active OSU 12 to the standby OSU 12. A communication identification number is used, and association number 3 is a protected communication identification number corresponding to a key used for redundant switching from the standby OSU 12 to the active OSU 12.

  The switching keys for association numbers 2 and 3 are not limited to different keys, and may be the same key.

  Further, the present invention can be applied not only when the key is a unicast key but also when the key is a broadcast key and a multicast key.

  Further, the key is not limited to a configuration in which the key is a fixed key such as PSK (Pre-shared Key), but may be updated periodically, or after use, for example, after redundancy switching. In this case, since the key is difficult to predict, security can be improved.

  The SCI creation unit 182 creates channel information based on the identification information of the own OSU 12 and the identification information of the ONU 202 that is the encryption source of the frame. For example, the SCI creation unit 182 creates an SCI (Secure Channel Identifier) in Non-Patent Document 2 as channel information.

  The SCI is composed of a system identifier and a port number. Specifically, the system identifier is a MAC (Medium Access Control) address that is unique in the world of the encryption source of the frame, and the port number is a number that is not duplicated in the system. The SCI creation unit 182 creates an SCI for each port number and stores it in the storage unit 162.

  Note that the PON system 301 is not limited to the configuration using the SCI as the channel information, but may be configured to use, as the channel information, data that has been subjected to some encoding processing using a MAC address and a port number, for example.

  The switching processing unit 183 acquires, from the overall control unit 11 via the control IF unit 32, for example, the switching control information indicating the timing of OSU redundancy switching and whether the OSU 12 of the OSU is the switching source or the switching destination. Further, in the switching source OSU 12, the switching control information further includes the port number of the switching destination OSU 12. Then, the switching processing unit 183 stores the port number in the storage unit 162.

  The frame creation unit 71 in the switching source OSU 12 generates a control frame for notifying the port number indicated by the switching control information received from the switching processing unit 183 and destined for the ONU 202 in communication with its own OSU 12. The data is output to the type identification unit 61. This control frame is, for example, an extended OAM frame.

  Based on the switching control information and the detection result of the association number extraction unit 155, the switching processing unit 183 determines whether or not to use the switching decryption key in the data frame decryption. Specifically, for example, when the switching processing unit 183 has not acquired the switching control information from the overall control unit 11, the association number in the security tag of the data frame received from the ONU 202 corresponds to OSU redundant switching 2. Or when it changes to 3, it determines with it being in an abnormal state.

  The decryptor 151 decrypts the user data included in the data frame received from the reception processing unit 33 using the decryption key and the SCI, for example, according to the method described in Non-Patent Document 2, and outputs the decrypted data to the FIFO 37.

  More specifically, the decryptor 151 obtains a decryption key corresponding to the protected communication identification number extracted by the association number extraction unit 155 by referring to the key management table 170 by the key selection unit 154. The decrypted key is used for decrypting the data frame.

  More specifically, association number extraction section 155 extracts the association number included in the data frame received from reception processing section 33 and outputs the extracted association number to SCI selection section 153 and key selection section 154. Further, the association number extraction unit 155 detects a change in the association number in the security tag of the data frame and notifies the switching processing unit 183 of the detection result.

  The key selection unit 154 acquires the decryption key corresponding to the association number received from the association number extraction unit 155 from the key management table 170, and outputs the association number and the decryption key to the decryptor 151.

  The SCI selection unit 153 acquires the SCI corresponding to the association number received from the association number extraction unit 155 from the key management table 170, and outputs the association number and the SCI to the decoder 151.

  Decryptor 151 uses the decryption key received from key selection unit 154 and the SCI received from SCI selection unit 153 to decode the user data included in the data frame received from reception processing unit 33, and outputs the decrypted data to FIFO 37. .

  FIG. 22 is a diagram illustrating configurations of a control unit and a decoding unit in the ONU according to the fifth embodiment of the present invention.

  Referring to FIG. 22, the control unit 29 includes a port number update unit 171, a key update unit (encryption key acquisition unit) 172, an SCI creation unit 173, a switching processing unit 174, and a control frame processing unit 175. including. The encryption unit 39 includes a storage unit 152, an encryptor (encryption unit) 163, a key selection unit 165, and an SCI selection unit 166.

  A part or all of the units in the control unit 29 and the encryption unit 39 are realized by, for example, one integrated circuit as a home-side control unit. This integrated circuit may further include units other than the control unit 29 and the encryption unit 39 in the ONU 202. The storage unit 152 may be included in the control unit 29, or the storage area may be divided and included in the control unit 29 and the encryption unit 39.

  In the encryption unit 39, the storage unit 152 is a normal encryption key that is an encryption key used before redundant switching between the active OSU and the standby OSU, and a switching key that is an encryption key to be used after redundant switching. Store the encryption key. For example, the storage unit 152 stores a switching encryption key to be used after switching from the active OSU to the standby OSU, and a switching encryption key to be used after switching from the standby OSU to the active OSU. . More specifically, the storage unit 152 stores a key management table 160 and encryption information such as a switching destination port number.

  In the control unit 29, the key update unit 172 acquires in advance a switching encryption key that is an encryption key to be used after redundant switching between the active OSU and the standby OSU. The key update unit 172 acquires an encryption key necessary for encrypted communication with the OSU 12 and stores the acquired encryption key in the storage unit 152.

  The SCI creation unit 173 creates channel information based on the identification information of the own ONU 202 and the identification information of the OSU 12 that is the transmission destination of the frame. For example, the SCI creation unit 173 creates an SCI (Secure Channel Identifier) in Non-Patent Document 2 as channel information and stores it in the storage unit 152. In this case, the identification information of the own ONU 202 is a MAC address, and the identification information of the OSU 12 to which the frame is transmitted is a port number.

  The key update unit 172 and the SCI creation unit 173 create a key management table (key management information) 160 indicating the correspondence relationship between the protected communication identification number, the encryption key such as SAK, and the SCI, and store it in the storage unit 152. . For example, in the key management table 160, an SCI used before redundant switching between the active OSU and the standby OSU and an SCI to be used after the redundant switching are registered.

  In the encryption unit 39, the encryptor 163 encrypts the user data included in the data frame received from the reception processing unit 26 using an encryption key and SCI, for example, according to the method described in Non-Patent Document 2, and performs optical transmission. The data is output to the processing unit 28.

  In the control unit 29, the control frame processing unit 175 analyzes the control frame received from the optical reception processing unit 22, and performs various controls such as access control based on the analysis result.

  When the port number update unit 171 receives a notification of the port number of the switching destination OSU 12 from the OSU 12 in communication with its own ONU 202 via the control frame processing unit 175, the port number in the storage unit 152 is notified of the port number notified. Rewrite to

  When the port number in the storage unit 152 is updated, the SCI creation unit 173 creates a new SCI and registers it in the storage unit 152 as a switching SCI.

  For example, the control frame processing unit 175 monitors the transmission source MAC address of the control frame, and when the transmission source MAC address changes, notifies the switching processing unit 174 to that effect.

  Upon receiving the notification from the control frame processing unit 175, the switching processing unit 174 determines that OSU redundancy switching has occurred. When the switching processing unit 174 determines that OSU redundancy switching has occurred, the switching processing unit 174 notifies the key selection unit 165, the SCI selection unit 166, and the encryption unit 163 of that fact.

  In response to the notification from the switching processing unit 174, the key selection unit 165 selects an association number to be included in the data frame, acquires an encryption key corresponding to the selected association number from the key management table 160, and The association number and the encryption key are output to the encryptor 163.

  In response to the notification from the switching processing unit 174, the SCI selection unit 166 selects an association number to be included in the data frame, acquires the SCI corresponding to the selected association number from the key management table 160, and associates the association number. The SCI is output to the encryptor 163.

  Note that the switching processing unit 174 may detect OSU redundancy switching by various methods. For example, the switching processing unit 174 detects OSU redundancy switching based on information received from the control frame processing unit 175 or the optical reception processing unit 22.

  Specifically, the optical reception processing unit 22 notifies the switching processing unit 174 of a loss of signal (LoS), that is, if the ONU 202 cannot detect a downstream optical signal transmitted from the station side device 101 for a predetermined time or more. To do. In response to this notification, the switching processing unit 174 determines that OSU redundancy switching has occurred. That is, the switching processing unit 174 detects the interruption of the downstream optical signal from the station side device 101 as the occurrence of redundant switching.

  Further, the switching processing unit 174 detects the occurrence of redundant switching based on the difference between the time stamp from the OSU 12 and the time stamp of its own ONU 202.

  More specifically, the control frame processing unit 175 monitors the time stamp value of the MPCP frame received from the OSU 12, and if the difference between the time stamp value and the time stamp value of the own ONU 202 exceeds a predetermined threshold value, The switching processing unit 174 is notified that time stamp drift has occurred. The switching processing unit 174 receives a notification that the time stamp drift has occurred from the control frame processing unit 175, and determines that OSU redundancy switching has occurred.

  Further, the MAC address of the transmitting MAC device, that is, the OSU 12 is stored in the transmission source address field of the downstream frame transmitted by the OSU 12. Since different MAC devices cannot use the same MAC address, the value of the source address field changes before and after OSU redundancy switching.

  Therefore, the switching processing unit 174 detects a change in the transmission source address of the frame from the station side apparatus 101 as the occurrence of OSU redundancy switching.

  More specifically, the switching processing unit 174 determines that the OSU redundancy switching has occurred when receiving a notification from the control frame processing unit 175 that the source address of the PON control frame has changed.

  Thereby, even when LoS cannot be detected, or even when the time stamp deviation between frames is small before and after redundancy switching, the switching processing unit 174 can detect the occurrence of OSU redundancy switching.

  Note that, in the PON system according to the fifth embodiment of the present invention to which the function of uplink encryption and decryption is added, the first to fourth embodiments of the present invention related to downlink encryption and decryption are also provided. It is possible to apply an OSU redundancy switching detection operation, an SCI update operation, an association number change operation, and the like as described in the above embodiment.

[Operation]
Next, redundant switching processing in the PON system according to the fifth embodiment of the present invention will be described with reference to the drawings. Hereinafter, in the PON system 301, a case where the decryption key used by the OSU 12 and the encryption key used by the ONU 202 are a common key will be described.

  FIG. 23 is a flowchart showing an operation procedure when performing redundant switching from the active OSU to the standby OSU in the PON system according to the fifth embodiment of the present invention.

  Referring to FIG. 23, before the redundant switching from the active OSU to the standby OSU, the ONU 202 and the active OSU perform communication by encrypting and decrypting the data frame using the normal key (step). S401).

  Next, the ONU 202 and the standby OSU acquire a switching key to be used after redundant switching from the active OSU to the standby OSU, and register it in each storage unit in advance.

  Specifically, for example, the ONU 202 and the active OSU perform a sharing process of encryption information such as a key used after redundant switching from the active OSU to the standby OSU during the communication, thereby switching the key. To get. For example, the ONU 202 and the active OSU acquire encryption information such as a key by a procedure according to IEEE 802.1X (registered trademark) -2010. Then, the active OSU notifies the standby OSU of the switching key during the communication (steps S402 and S403). Alternatively, for example, before starting the ONU 202 and each OSU 12, a communication carrier or the like may register a switching key in advance.

  Next, the active OSU notifies the ONU 202 of the port number of the standby OSU to be switched to, for example, in an extended OAM message (step S404).

  Next, the ONU 202 creates a switching SCI to be used after redundant switching from the active OSU to the standby OSU based on the port number of the standby OSU notified from the active OSU and its own MAC address. . Then, the ONU 202 registers the created switching SCI in its own storage unit (step S405).

  Next, when redundant switching from the active OSU to the standby OSU occurs (step S406), the active OSU notifies the standby OSU of switching information including the MAC address of the ONU 202 that is communicating with itself. Note that the active OSU may notify the standby OSU of the switching information before redundant switching occurs (step S407).

  Next, the standby OSU generates a control frame using the switching information notified from the active OSU and transmits it to the ONU 202 (step S408).

  Next, the ONU 202 receives the control frame from the standby OSU, and confirms that the transmission source address of the control frame transmitted from the station side apparatus 101 has changed from the MAC address of the active OSU to the MAC address of the standby OSU. Detection is performed (step S409).

  Next, the standby OSU creates SCI used for decoding in communication with the ONU 202 based on the MAC address of the ONU 202 notified from the active OSU and its own port number. Then, the standby OSU registers the created SCI in its own storage unit (step S411).

  Next, the ONU 202 encrypts the data frame using the switching key and the switching SCI registered in advance. The ONU 202 sets the association number to the association number 2 for switching in the security tag of the data frame. Further, the ONU 202 starts with the packet number in the security tag from 1 and increments with the switching from the normal key to the switching key (step S412).

  Next, the ONU 202 transmits the encrypted data frame to the standby OSU (step S413).

  When the ONU 202 changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal number 0 or 1 is used as the association number corresponding to the new key. To do. Also, the ONU 202 continues to use the SCI created in step S405 (step S414).

  Next, the standby OSU decodes the data frame received from the ONU 202 using the switching key registered in advance and the created SCI (step S415).

  Next, when the standby OSU changes from a switching key to a new key because the packet number has exceeded a predetermined threshold value, the standby OSU uses a normal 0 or an association number corresponding to the new key. 1 is used (step S416).

  In this way, in the PON system 301, the ONU 202 and the OSU 12 allow the switching encryption key that is an encryption key and the switching decryption key that is a decryption key to be used after switching between the active OSU and the standby OSU. Are acquired in advance. Also, the OSU 12 acquires in advance channel information to be used after switching between the active OSU and the standby OSU, for example, SCI.

  Further, for example, the OSU 12 and the ONU 202 associate a protected communication identification number such as an association number with a decryption key and an encryption key, respectively.

  When switching between the active OSU and the standby OSU is performed, the ONU 202 transmits a data frame including the protected communication identification number corresponding to the switching encryption key to the switching destination OSU 12.

  The switching destination OSU 12 extracts the protected communication identification number included in the data frame received from the ONU 202, and uses the switching decryption key, which is a decryption key corresponding to the extracted protected communication identification number, for decrypting the data frame.

  FIG. 24 is a flowchart showing an operation procedure when performing redundant switching from the standby OSU to the active OSU in the PON system according to the fifth embodiment of the present invention.

  Referring to FIG. 24, before redundant switching from standby OSU to active OSU, ONU 202 and standby OSU perform communication by encrypting and decrypting data frames using normal keys (steps). S421).

  Next, the ONU 202 and the active OSU acquire a switching key to be used after redundant switching from the standby OSU to the active OSU, and register it in each storage unit in advance.

  Specifically, for example, the ONU 202 and the standby OSU perform a sharing process of encryption information such as a key used after redundant switching from the standby OSU to the active OSU during the communication, thereby switching the key. To get. For example, the ONU 202 and the standby OSU acquire encryption information such as a key by a procedure according to IEEE 802.1X (registered trademark) -2010. Then, the standby OSU notifies the operating OSU of the switching key during the communication (steps S422 and S423). Alternatively, for example, before starting the ONU 202 and each OSU 12, a communication carrier or the like may register a switching key in advance.

  Next, the standby OSU notifies the ONU 202 of the port number of the switching-destination active OSU, for example, in an extended OAM message (step S424).

  Next, the ONU 202 creates an SCI for switching to be used after redundant switching from the standby OSU to the active OSU based on the port number of the active OSU notified from the standby OSU and its own MAC address. . Then, the ONU 202 registers the created switching SCI in its own storage unit (step S425).

  Next, when redundant switching from the standby OSU to the active OSU occurs (step S426), the standby OSU notifies the active OSU of switching information including the MAC address of the ONU 202 that is communicating with itself. Note that the standby OSU may notify the switching OSU of the switching information before occurrence of redundant switching (step S427).

  Next, the active OSU generates a control frame using the switching information notified from the standby OSU and transmits it to the ONU 202 (step S428).

  Next, the ONU 202 receives the control frame from the active OSU, and confirms that the transmission source address of the control frame transmitted from the station side apparatus 101 has changed from the MAC address of the standby OSU to the MAC address of the active OSU. Detection is performed (step S429).

  Next, the active OSU creates an SCI used for decoding in communication with the ONU 202 based on the MAC address of the ONU 202 notified from the standby OSU and its own port number. Then, the active OSU registers the created SCI in its own storage unit (step S431).

  Next, the ONU 202 encrypts the data frame using the switching key and the switching SCI registered in advance. The ONU 202 sets the association number to the association number 2 for switching in the security tag of the data frame. Also, the ONU 202 starts with the packet number in the security tag from 1 and increments with the switching from the normal key to the switching key (step S432).

  Next, the ONU 202 transmits the encrypted data frame to the active OSU (step S433).

  When the ONU 202 changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal number 0 or 1 is used as the association number corresponding to the new key. To do. Further, the ONU 202 continues to use the SCI created in step S425 (step S434).

  Next, the active OSU decrypts the data frame received from the ONU 202 by using the switching key registered in advance and the created SCI (step S435).

  Next, when the operating OSU changes from a switching key to a new key because the packet number has exceeded a predetermined threshold, the normal OS 0 or 0 is used as the association number corresponding to the new key. 1 is used (step S436).

  As described with reference to FIGS. 23 and 24, in the PON system 301, the standby OSU acquires in advance a switching decryption key to be used after switching from the active OSU to itself. The active OSU acquires in advance a switching decryption key to be used after switching from the standby OSU to itself. Then, the ONU 202 acquires in advance encryption keys corresponding to both of these switching decryption keys.

  If the port numbers of the active OSU and the standby OSU are common, it is not necessary to notify the port number from the OSU 12 to the ONU 202 and to create and register the switching SCI by the ONU 202.

  FIG. 25 is a diagram showing switching information and encryption information used when performing redundant switching from the active OSU to the standby OSU in the PON system according to the fifth embodiment of the present invention.

  Referring to FIG. 25, in this PON system 301, for example, key x and key y are used as normal keys for association number 0 and association number 1, respectively, and used for redundant switching from the active OSU to the standby OSU. The key a is used as a switching key to be used, and the key b is used as a switching key used at the time of redundant switching from the standby OSU to the active OSU.

  Also, here, the MAC address of the ONU 202 is p, the port number of the active OSU is m, and the port number of the standby OSU is n.

  First, before redundant switching from the active OSU to the standby OSU, the ONU 202 and the active OSU perform communication by encrypting and decrypting data frames using the normal keys x and y and the SCIf. More specifically, when the packet number reaches a predetermined value, the ONU 202 switches the normal key, resets the packet number in the security tag to 1, and changes the association number. Specifically, the ONU 202 starts using the normal key y when the packet number reaches a predetermined value in a state where the normal key x with the association number 0 is used, for example. Then, the ONU 202 resets the packet number in the security tag to 1, and changes the association number from 0 to 1 (step S261).

  Next, the ONU 202 and the standby OSU register the switching key a of the association number 2 in the key management tables 160 and 170 as switching keys to be used after the redundant switching from the active OSU to the standby OSU, respectively. . The specific acquisition method is the same as that described in FIG. 23 (steps S262 and S263).

  Next, the active OSU notifies the ONU 202 of the port number n of the standby OSU that is the switching destination, for example, in an extended OAM message. The ONU 202 registers the port number n notified from the active OSU (step S264).

  Next, the ONU 202 sets the SCIg for switching to be used after redundant switching from the active OSU to the standby OSU based on the port number n of the standby OSU notified from the active OSU and its own MAC address p. create. Then, the ONU 202 registers the created switching SCIg in association with the association number 2 in the key management table 160 (step S265).

  Next, when redundant switching from the active OSU to the standby OSU occurs (step S266), the active OSU notifies the standby OSU of switching information including the MAC address p of the ONU 202 that is communicating with itself. Note that the active OSU may notify the standby OSU of the switching information before redundant switching occurs (step S267).

  Next, the standby OSU creates SCIg to be used for encryption in communication with the ONU 202 based on the MAC address p of the ONU 202 notified from the active OSU and its own port number n. Then, the standby OSU registers the created SCIg in its own storage unit (step S268).

  Next, the ONU 202 encrypts the data frame using the switching key a and SCIg registered in advance. The ONU 202 sets the association number to the association number 2 for switching in the security tag of the data frame. Also, the ONU 202 starts with the packet number in the security tag from 1 and increments with the switching from the normal key to the switching key. Then, the standby OSU transmits the encrypted data frame to the standby OSU (step S269).

  Next, the standby OSU receives the data frame from the ONU 202 and detects that the association number in the security tag of the data frame transmitted from the ONU 202 has changed to the association number 2 for switching. Then, the standby OSU decrypts the data frame received from the ONU 202 using the switching key a registered in advance and the created switching SCIg.

  FIG. 26 is a diagram showing switching information and encryption information used when performing redundant switching from the standby OSU to the active OSU in the PON system according to the fifth embodiment of the present invention.

  Referring to FIG. 26, in this PON system 301, for example, key x and key y are used as normal keys for association number 0 and association number 1, respectively, and used for redundant switching from the active OSU to the standby OSU. The key a is used as a switching key to be used, and the key b is used as a switching key used at the time of redundant switching from the standby OSU to the active OSU.

  Further, here, the MAC address of the ONU 202 is p, the port number of the active OSU is q, and the port number of the standby OSU is n.

  First, before redundant switching from the standby OSU to the active OSU, the ONU 202 and the standby OSU perform communication by encrypting and decrypting data frames using the normal keys x and y and SCIg. More specifically, when the packet number reaches a predetermined value, the ONU 202 switches the normal key, resets the packet number in the security tag to 1, and changes the association number. Specifically, the ONU 202 starts using the normal key y when the packet number reaches a predetermined value in a state where the normal key x with the association number 0 is used, for example. Then, the ONU 202 resets the packet number in the security tag to 1, and changes the association number from 0 to 1 (step S271).

  Next, the ONU 202 and the active OSU register the association key 3 switching key b in the key management tables 160 and 170 as switching keys to be used after the redundant switching from the standby OSU to the active OSU, respectively. . The specific acquisition method is the same as that described in FIG. 24 (steps S272 and S273).

  Next, the standby OSU notifies the ONU 202 of the port number q of the switching-destination active OSU, for example, in an extended OAM message. The ONU 202 registers the port number q notified from the standby OSU (step S274).

  Next, the ONU 202 sets the SCIh for switching to be used after redundant switching from the standby OSU to the active OSU based on the port number q of the active OSU notified from the standby OSU and its own MAC address p. create. Then, the ONU 202 registers the created switching SCIh in association with the association number 3 in the key management table 160 (step S275).

  Next, when redundant switching from the standby OSU to the active OSU occurs (step S276), the standby OSU notifies the active OSU of switching information including the MAC address p of the ONU 202 that is communicating with itself. Note that the standby OSU may notify the switching OSU of the switching information before the redundant switching occurs (step S277).

  Next, the active OSU creates SCIh used for encryption in communication with the ONU 202 based on the MAC address p of the ONU 202 notified from the standby OSU and its own port number q. Then, the active OSU registers the created SCIh in its own storage unit (step S278).

  Next, the ONU 202 encrypts the data frame using the switching key b and SCIh registered in advance. Further, the ONU 202 sets the association number to the association number 3 for switching in the security tag of the data frame. Also, the ONU 202 starts with the packet number in the security tag from 1 and increments with the switching from the normal key to the switching key. Then, the active OSU transmits the encrypted data frame to the active OSU (step S279).

  Next, the active OSU receives the data frame from the ONU 202 and detects that the association number in the security tag of the data frame transmitted from the ONU 202 has changed to the association number 3 for switching. Then, the active OSU decrypts the data frame received from the ONU 202 by using the switching key b registered in advance and the created switching SCIh.

  FIG. 27 is a diagram showing another example of switching information and encryption information used when performing redundant switching from the active OSU to the standby OSU in the PON system according to the fifth embodiment of the present invention. is there. FIG. 27 shows a case where the port numbers of the active OSU and the standby OSU are common.

  Referring to FIG. 27, in this PON system 301, for example, key x and key y are used as normal keys for association number 0 and association number 1, respectively, and are used for redundant switching from the active OSU to the standby OSU. The key a is used as a switching key to be used, and the key b is used as a switching key used at the time of redundant switching from the standby OSU to the active OSU.

  Also, here, the MAC address of the ONU 202 is p, the port number of the active OSU is m, and the port number of the standby OSU is m.

  First, before redundant switching from the active OSU to the standby OSU, the ONU 202 and the active OSU perform communication by encrypting and decrypting data frames using the normal keys x and y and the SCIf. More specifically, when the packet number reaches a predetermined value, the ONU 202 switches the normal key, resets the packet number in the security tag to 1, and changes the association number. Specifically, the ONU 202 starts using the normal key y when the packet number reaches a predetermined value in a state where the normal key x with the association number 0 is used, for example. Then, the ONU 202 resets the packet number in the security tag to 1, and changes the association number from 0 to 1 (step S281).

  Next, the ONU 202 and the standby OSU register the switching key a of the association number 2 in the key management tables 160 and 170 as switching keys to be used after the redundant switching from the active OSU to the standby OSU, respectively. . The specific acquisition method is the same as that described in FIG. 23 (steps S282 and S283).

  Next, when redundant switching from the active OSU to the standby OSU occurs (step S286), the active OSU notifies the standby OSU of switching information including the MAC address p of the ONU 202 that is communicating with itself. Note that the active OSU may notify the standby OSU of the switching information before the redundant switching occurs (step S287).

  Next, the standby OSU creates an SCIf to be used for encryption in communication with the ONU 202 based on the MAC address p of the ONU 202 notified from the active OSU and its own port number m. Then, the standby OSU registers the created SCIf in its own storage unit (step S288).

  Next, the ONU 202 encrypts the data frame using the switching key a and SCIf registered in advance. The ONU 202 sets the association number to the association number 2 for switching in the security tag of the data frame. Also, the ONU 202 starts with the packet number in the security tag from 1 and increments with the switching from the normal key to the switching key. Then, the standby OSU transmits the encrypted data frame to the standby OSU (step S289).

  Next, the standby OSU receives the data frame from the ONU 202 and detects that the association number in the security tag of the data frame transmitted from the ONU 202 has changed to the association number 2 for switching. The standby OSU then decrypts the data frame received from the ONU 202 using the switching key a registered in advance and the created switching SCIf.

  FIG. 28 is a diagram showing another example of switching information and encryption information used when performing redundant switching from the standby OSU to the active OSU in the PON system according to the fifth embodiment of the present invention. is there. FIG. 28 shows a case where the port numbers of the standby OSU and the active OSU are common.

  Referring to FIG. 28, in this PON system 301, for example, key x and key y are used as normal keys for association number 0 and association number 1, respectively, and used for redundant switching from the active OSU to the standby OSU. The key a is used as a switching key to be used, and the key b is used as a switching key used at the time of redundant switching from the standby OSU to the active OSU.

  Also, here, the MAC address of the ONU 202 is p, the port number of the active OSU is m, and the port number of the standby OSU is m.

  First, before redundancy switching from the standby OSU to the active OSU, the ONU 202 and the standby OSU perform communication by encrypting and decrypting data frames using the normal keys x and y and the SCIf. More specifically, when the packet number reaches a predetermined value, the ONU 202 switches the normal key, resets the packet number in the security tag to 1, and changes the association number. Specifically, the ONU 202 starts using the normal key y when the packet number reaches a predetermined value in a state where the normal key x with the association number 0 is used, for example. Then, the ONU 202 resets the packet number in the security tag to 1 and changes the association number from 0 to 1 (step S291).

  Next, the ONU 202 and the active OSU register the association key 3 switching key b in the key management tables 160 and 170 as switching keys to be used after the redundant switching from the standby OSU to the active OSU, respectively. . The specific acquisition method is the same as that described in FIG. 24 (steps S292 and S293).

  Next, when redundant switching from the standby OSU to the active OSU occurs (step S296), the standby OSU notifies the active OSU of switching information including the MAC address p of the ONU 202 that is communicating with itself. Note that the standby OSU may notify the switching OSU of the switching information before the redundant switching occurs (step S297).

  Next, the active OSU creates an SCIf used for encryption in communication with the ONU 202 based on the MAC address p of the ONU 202 notified from the standby OSU and its own port number m. Then, the active OSU registers the created SCIf in its own storage unit (step S298).

  Next, the ONU 202 encrypts the data frame using the switching key b and SCIf registered in advance. Further, the ONU 202 sets the association number to the association number 3 for switching in the security tag of the data frame. Also, the ONU 202 starts with the packet number in the security tag from 1 and increments with the switching from the normal key to the switching key. Then, the active OSU transmits the encrypted data frame to the active OSU (step S299).

  Next, the active OSU receives the data frame from the ONU 202 and detects that the association number in the security tag of the data frame transmitted from the ONU 202 has changed to the association number 3 for switching. Then, the active OSU decrypts the data frame received from the ONU 202 using the switching key b registered in advance and the created switching SCIf.

  By the way, when performing redundant switching from the active OSU to the standby OSU, for example, the ONU communicating with the active OSU newly communicates with the standby OSU in accordance with a predetermined procedure, thereby Encryption information such as keys used for encryption and decryption must be shared with the standby OSU. For this reason, the communication stop time of the PON system due to redundant switching becomes long.

  On the other hand, in the communication system according to the fifth embodiment of the present invention, the ONU 202 and the OSU 12 use a switching encryption key that is an encryption key to be used after switching between the active OSU and the standby OSU. And a switching decryption key, which is a decryption key, is acquired in advance. That is, in the home side control unit according to the fifth embodiment of the present invention, the key update unit 172 in the control unit 29 is a switching key that is an encryption key to be used after switching between the active OSU and the standby OSU. An encryption key is acquired in advance. Further, in the station side control unit according to the fifth embodiment of the present invention, the key updating unit 181 in the PON control unit 36 is a switching that is a decryption key to be used after switching between the active OSU and the standby OSU. The decryption key for use is acquired in advance.

  In other words, the ONU 202 and the OSU 12 have a switching encryption key that is an encryption key and a switching decryption key that is a decryption key corresponding to the encryption key to be used after switching between the active OSU and the standby OSU. Each is acquired in advance. After the redundancy switching, the ONU 202 transmits a communication signal, for example, a frame encrypted using the acquired switching encryption key to the OSU 12. Then, the OSU 12 decrypts the encrypted frame received from the ONU 202 by using the acquired switching decryption key.

  As described above, the key to be used after the redundancy switching is acquired in advance before the redundancy switching, so that the OSU 12 can continuously decode the frame before and after the redundancy switching, thereby reducing the communication stop time associated with the redundancy switching. Therefore, stable and high communication quality can be provided.

  In addition, since the key can be changed before and after the redundant switching, it is not necessary to transfer information such as the packet number of the frame between the switching source OSU 12 and the switching destination OSU 12, so that stable communication can be performed before and after the redundant switching. Realized and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved.

  Therefore, in the communication system, the home-side control unit, and the station-side control unit according to the fifth embodiment of the present invention, a security function between the station-side device and the home-side device is realized and redundant switching in the station-side device is performed. On the other hand, an increase in communication stop time between the station side device and the home side device can be suppressed, and a highly reliable communication system can be provided.

  In the communication system according to the fifth embodiment of the present invention, the standby OSU obtains in advance a switching decryption key to be used after switching from the active OSU to itself. The active OSU acquires in advance a switching decryption key to be used after switching from the standby OSU to itself. Then, the ONU 202 acquires in advance encryption keys corresponding to both of these switching decryption keys.

  With such a configuration, different keys can be used for redundant switching from the active OSU to the standby OSU and redundant switching from the standby OSU to the active OSU, thereby further improving security. be able to.

  In the communication system according to the fifth embodiment of the present invention, the OSU 12 and the ONU 202 associate a protection communication identification number such as an association number with a decryption key and an encryption key, respectively. When switching between the active OSU and the standby OSU is performed, the ONU 202 transmits a frame including the protected communication identification number corresponding to the switching encryption key to the switching destination OSU 12. Then, the switching destination OSU 12 extracts the protected communication identification number included in the frame received from the ONU 202, and uses the switching decryption key, which is the decryption key corresponding to the extracted protected communication identification number, for decrypting the frame.

  With such a configuration, it is not necessary to perform a new key consensus process after redundant switching between the active OSU and the standby OSU, and frames can be continuously decoded before and after the redundant switching.

  In the communication system according to the fifth embodiment of the present invention, the OSU 12 acquires in advance channel information to be used after switching between the active OSU and the standby OSU, for example, SCI.

  With such a configuration, even when the SCI is used for encryption in addition to the key, the optical line unit can continuously decode the frame before and after the redundancy switching, so that the communication stop time in the communication system can be shortened. It is possible to provide stable and high communication quality.

  In the home-side control unit according to the fifth embodiment of the present invention, the storage unit 152 includes a normal encryption key that is an encryption key used before switching between the active OSU and the standby OSU, and A switching encryption key that is an encryption key to be used after switching is stored.

  Further, in the station side control unit according to the fifth embodiment of the present invention, the storage unit 162 includes a normal decryption key that is a decryption key used before switching between the active OSU and the standby OSU, and A switching decryption key that is a decryption key to be used after switching is stored.

  With such a configuration, a key to be used after redundant switching can be acquired in advance before redundant switching, so that the optical line unit can decode without interrupting the frame before and after redundant switching. Thereby, the communication stop time accompanying redundancy switching can be shortened, and stable and high communication quality can be provided.

  In addition, since the key can be changed before and after the redundant switching, it is not necessary to transfer information such as the packet number of the frame between the switching source optical line unit and the switching destination optical line unit. Stable communication can be realized, and simple redundant switching processing can be realized. Further, when different keys are used before and after redundancy switching, security can be improved.

  Therefore, the home-side control unit and the station-side control unit according to the fifth embodiment of the present invention realize a security function between the station-side device and the home-side device, and for redundant switching in the station-side device, An increase in communication stop time between the station side device and the home side device can be suppressed, and a highly reliable communication system can be provided.

  Since other configurations and operations are the same as those of the PON system according to the first to fourth embodiments, detailed description will not be repeated here.

  In the fifth embodiment of the present invention, the PON system in which the decryption key used by the OSU 12 and the encryption key used by the ONU 202 are a common key has been described. However, the PON system 301 may be configured so that the OSU 12 uses a decryption key corresponding to the encryption key used in the ONU 202. For example, even if the decryption key used by the OSU 12 and the encryption key used by the ONU 202 are different. Good.

  The above embodiment should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

11 Overall Control Unit 12, 12-1 to 12-N + 1 Optical Line Unit (OSU)
DESCRIPTION OF SYMBOLS 13 Concentration part 14 Optical switch 20, 40 Decoding part 21 PON port 22 Optical reception process part 23 Buffer memory 24 Transmission process part 25 UNI port 26 Reception process part 27 Buffer memory 28 Optical transmission process part 29 Control part 30,39 Encryption part 31 Concentration IF unit 32 Control IF unit 33 Reception processing unit 34 Transmission processing unit 35 PON transmission / reception unit 36 PON control unit 37, 38 FIFO
51,151 Decoder (Decoding Unit)
52 Storage Unit 53, 153 SCI Selection Unit 54, 154 Key Selection Unit 55, 155 Association Number Extraction Unit (Protected Communication Identification Number Extraction Unit)
56 SCI Extraction Unit 57 Frame Type Identification Unit 58 Tag Change Detection Unit 61 Frame Type Identification Unit 62 Storage Unit 63,163 Encryptor (Encryption Unit and Communication Signal Configuration Unit)
64 Multiplexer 65,165 Key selection unit 66,166 SCI selection unit 71,171 Frame creation unit 72,172 Key update unit (encryption key acquisition unit)
73,173 SCI creation unit 74,174 switching processing unit 81,181 key update unit (decryption key acquisition unit)
82,182 SCI creation part (channel information update part)
83,183 Switching processing unit (switching detection unit)
84,184 MAC address update unit 85,175 Control frame processing unit 101 Station side device (OLT)
202 Home unit (ONU)
203-1 to 203-N PON line 204-1 to 204-N optical coupler 301 PON system

Claims (27)

A communication system comprising a home device and a redundant optical line unit for communicating with the home device,
The optical line unit transmits a communication signal encrypted using an encryption key to the home device,
The home side device decrypts the encrypted communication signal received from the optical line unit using a decryption key corresponding to the encryption key,
The switching key and the decryption key, which are the encryption keys, should be used after switching between the optical line unit in the active system and the optical line unit in the standby system. A communication system in which each of the switching decryption keys is acquired in advance. The standby optical line unit obtains in advance a first switching encryption key to be used after switching from the active optical line unit to itself,
The active optical line unit acquires in advance a second switching encryption key to be used after switching from the standby optical line unit to itself,
2. The communication system according to claim 1, wherein the home-side apparatus acquires in advance the decryption keys corresponding to the first switching encryption key and the second switching encryption key, respectively. The optical line unit and the home side device associate a protection communication identification number with the encryption key and the decryption key, respectively.
When switching between the active optical line unit and the standby optical line unit is performed, the switch-destination optical line unit includes the protected communication identification number corresponding to the switching encryption key. Send a signal to the home device,
The home-side apparatus extracts the protection communication identification number included in the communication signal received from the optical line unit, and the switching decryption key which is the decryption key corresponding to the extracted protection communication identification number The communication system according to claim 1, wherein the communication signal is used for decoding the communication signal. The optical line unit encrypts the communication signal using its identification information and channel information based on the identification information of the home device to which the communication signal is transmitted, and the encryption key,
The home-side apparatus decrypts the communication signal using the channel information based on the identification information of the optical line unit and the identification information of the optical line unit that has encrypted the communication signal, and the decryption key,
The said home side apparatus acquires the said channel information which should be used after switching between the said optical line unit of an active system, and the said optical line unit of a standby system in any one of Claims 1-3. Communication system. The optical line unit encrypts the communication signal using its identification information and channel information based on the identification information of the home device to which the communication signal is transmitted, and the encryption key,
The home-side apparatus decrypts the communication signal using the channel information based on the identification information of the optical line unit and the identification information of the optical line unit that has encrypted the communication signal, and the decryption key,
The home-side apparatus monitors transmission source identification information included in a control signal from the optical line unit, and when the identification information changes, updates the channel information based on the changed identification information. The communication system according to any one of claims 1 to 3. The home-side apparatus decrypts the communication signal using the channel information based on the identification information of the optical line unit and the identification information of the optical line unit that has encrypted the communication signal, and the decryption key,
The communication signal may or may not include the channel information,
The optical line unit transmits a state in which the communication signal not including the channel information is transmitted to the home device and a communication signal including the channel information are transmitted to the home device in accordance with the timing at which the switching is performed. Perform transitions between states,
The said home side apparatus detects the transition between the state which does not include the said channel information, and the state which includes the said channel information of the said communication signal received from the said optical line unit as generation | occurrence | production of the said switching. 6. The communication system according to any one of items 5.   When the communication apparatus received from the optical line unit transitions from a state not including the channel information to a state including the channel information, the home-side device detects the occurrence of the switching. The communication system according to claim 6, wherein the communication signal is decoded using the channel information included in the communication signal instead of the channel information used before the detection.   The optical line unit performs a transition from a state in which the communication signal not including the channel information is transmitted to the home device to a state in which the communication signal including the channel information is transmitted to the home device. The communication system according to claim 6 or 7, wherein a transition to a state in which the communication signal not including the channel information is transmitted to the home side device is performed.   The optical line unit performs transition between a state in which the communication signal not including the channel information is transmitted to the home device and a state in which the communication signal including the channel information is transmitted to the home device. The communication system according to any one of claims 6 to 8, wherein, when there is no data to be transmitted to the home side device, the communication signal including dummy data is transmitted to the home side device. .   The communication system according to claim 9, wherein the optical line unit broadcasts the communication signal including the dummy data. The home-side apparatus decrypts the communication signal using the channel information based on the identification information of the optical line unit and the identification information of the optical line unit that has encrypted the communication signal, and the decryption key,
The said home side apparatus monitors the said channel information contained in the said communication signal from the said optical line unit, and detects the change of the said channel information as generation | occurrence | production of the said switching, The any one of Claim 1-10 The communication system according to item. The home side device operates according to time information, adjusts its own time information based on time information included in a control signal from the optical line unit,
The communication according to any one of claims 1 to 11, wherein the home side device detects the occurrence of the switching based on a difference between time information from the optical line unit and its own time information. system.   2. The home apparatus detects a disconnection of the communication signal from the optical line unit or a change in identification information of a transmission source included in a control signal from the optical line unit as the occurrence of the switching. The communication system according to claim 12. A home-side control unit used in a home-side device for communicating with a redundant optical line unit,
A decryption unit for decrypting an encrypted communication signal received from the optical line unit using a decryption key;
A home side comprising: a decryption key obtaining unit for obtaining in advance a switching decryption key that is the decryption key to be used after switching between the optical line unit in the active system and the optical line unit in the standby system Control unit. A home-side control unit used in a home-side device for communicating with a redundant optical line unit,
A decryption unit for decrypting an encrypted communication signal received from the optical line unit using a decryption key;
The normal decryption key, which is the decryption key used before switching between the active optical line unit and the standby optical line unit, and the switching decryption, which is the decryption key to be used after the switching A home-side control unit comprising: a storage unit for storing the activation key. A station-side control unit used in a redundant optical line unit for communicating with a home-side device,
An encryption unit for encrypting a communication signal to be transmitted to the home device using an encryption key;
An encryption key acquisition unit for acquiring in advance an encryption key for switching that is the encryption key to be used after switching between the optical line unit of the active system and the optical line unit of the standby system, Control unit. A station-side control unit used in a redundant optical line unit for communicating with a home-side device,
An encryption unit for encrypting a communication signal to be transmitted to the home device using an encryption key;
A normal encryption key that is the encryption key used before switching between the optical line unit of the active system and the optical line unit of the standby system, and a switching cipher that is the encryption key to be used after the switching A station-side control unit comprising: a storage unit for storing the activation key. A communication control method in a communication system including a home side device and a redundant optical line unit for communicating with the home side device,
The optical line unit and the home-side apparatus use an encryption key for switching, which is an encryption key, and the encryption key to be used after switching between the optical line unit in the active system and the optical line unit in the standby system. Obtaining a switching decryption key that is a corresponding decryption key in advance,
After the switching, the optical line unit transmits a communication signal encrypted using the acquired switching encryption key to the home side device;
A communication control method, comprising: after the switching, the home-side apparatus decrypts the encrypted communication signal received from the optical line unit using the acquired switching decryption key. A communication system comprising a home device and a redundant optical line unit for communicating with the home device,
The home device transmits a communication signal encrypted using an encryption key to the optical line unit,
The optical line unit decrypts the encrypted communication signal received from the home device using a decryption key corresponding to the encryption key,
The home side apparatus and the optical line unit are the encryption key for switching and the decryption key to be used after switching between the optical line unit for the active system and the optical line unit for the standby system. A communication system in which each of the switching decryption keys is acquired in advance. The standby optical line unit acquires in advance a first switching decryption key to be used after switching from the active optical line unit to itself,
The active optical line unit acquires in advance a second switching decryption key to be used after switching from the standby optical line unit to itself.
The communication system according to claim 19, wherein the home-side device acquires the encryption keys corresponding to the first switching decryption key and the second switching decryption key in advance. The optical line unit and the home side device associate a protection communication identification number with the decryption key and the encryption key, respectively.
When switching between the active optical line unit and the standby optical line unit is performed, the home apparatus switches the communication signal including the protection communication identification number corresponding to the switching encryption key to the switching destination. To the optical line unit of
The switching-destination optical line unit extracts the protection communication identification number included in the communication signal received from the home-side device, and is the decryption key corresponding to the extracted protection communication identification number. The communication system according to claim 19 or 20, wherein a decryption key is used for decrypting the communication signal. The home-side device encrypts the communication signal using channel information based on the identification information of itself and the identification information of the optical line unit to which the communication signal is transmitted, and the encryption key,
The optical line unit decrypts the communication signal using channel information based on the identification information of the home-side device and the identification information of the home device that has encrypted the communication signal, and the decryption key,
The said optical line unit acquires the said channel information which should be used after switching between the said optical line unit of an active system, and the said optical line unit of a standby system in any one of Claims 19-21. Communication system. A station-side control unit used in a redundant optical line unit for communicating with a home-side device,
A decryption unit for decrypting an encrypted communication signal received from the home-side device using a decryption key;
A station side comprising: a decryption key obtaining unit for obtaining in advance a switching decryption key that is the decryption key to be used after switching between the optical line unit in the active system and the optical line unit in the standby system Control unit. A station-side control unit used in a redundant optical line unit for communicating with a home-side device,
A decryption unit for decrypting an encrypted communication signal received from the home-side device using a decryption key;
The normal decryption key, which is the decryption key used before switching between the active optical line unit and the standby optical line unit, and the switching decryption, which is the decryption key to be used after the switching A station-side control unit comprising: a storage unit for storing the activation key. A home-side control unit used in a home-side device for communicating with a redundant optical line unit,
An encryption unit for encrypting a communication signal to be transmitted to the optical line unit using an encryption key;
An encryption key acquisition unit for acquiring in advance a switching encryption key that is the encryption key to be used after switching between the active optical line unit and the standby optical line unit; Control unit. A home-side control unit used in a home-side device for communicating with a redundant optical line unit,
An encryption unit for encrypting a communication signal to be transmitted to the optical line unit using an encryption key;
A normal encryption key that is the encryption key used before switching between the optical line unit of the active system and the optical line unit of the standby system, and a switching cipher that is the encryption key to be used after the switching A home-side control unit comprising: a storage unit for storing the activation key. A communication control method in a communication system including a home side device and a redundant optical line unit for communicating with the home side device,
The home-side apparatus and the optical line unit may use an encryption key for switching, which is an encryption key, and the encryption key to be used after switching between the optical line unit in the active system and the optical line unit in the standby system. Obtaining a switching decryption key that is a corresponding decryption key in advance,
After the switching, the home-side device transmits a communication signal encrypted using the acquired switching encryption key to the optical line unit;
A communication control method comprising: after the switching, the optical line unit decrypts the encrypted communication signal received from the home-side device using the acquired switching decryption key.

Images