JP2015133610A - Station side device, pon system and control method of station side device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technique for continuing encrypted communication smoothly while switching the encryption device in the station side device.SOLUTION: A station side device performs encrypted communication by a switching source encryption device (OSU12_1), out of a first encryption device and a second encryption device (SQ6). The station side device performs switching between the first encryption device and second encryption device, and takes over the system identifier (SCI) included in a channel identifier used in the encrypted communication, from the switching source encryption device (OSU12_1) to a switching destination encryption device (OSU12_N+1) (SQ8). After switching, the station side device performs encrypted communication by the switching destination encryption device (OSU12_N+1), out of the first encryption device and second encryption device (SQ14).

Description

  The present invention relates to a station apparatus, a PON (Passive Optical Network) system, and a station apparatus control method. In particular, the present invention relates to a station side device having a redundant configuration and a security function.

  In recent years, the Internet has become widespread, and users can access various information on sites operated in various parts of the world and obtain the information. Along with this, devices capable of broadband access such as ADSL (Asymmetric Digital Subscriber Line) and FTTH (Fiber To The Home) are rapidly spreading.

  IEEE Std 802.3ah (registered trademark) -2004 (Non-patent Document 1) discloses one method of a passive optical network (PON). PON is medium-shared communication in which a plurality of home side devices (ONU: Optical Network Unit) share an optical communication line and perform data transmission with a station side device (OLT: Optical Line Terminal). In Non-Patent Document 1, all information including user information passing through the PON and control information for managing and operating the PON is communicated in an Ethernet (registered trademark) frame format (EPON (Ethernet (registered trademark) PON)). And an EPON access control protocol (MPCP (Multi-Point Control Protocol)) and an OAM (Operations Administration and Maintenance) protocol are defined. By exchanging MPCP frames between the station side device and the home side device, the home side device joins and leaves, and uplink access multiplexing control is performed. Non-Patent Document 1 describes a registration method for a new home device, a report indicating a bandwidth allocation request, and a gate indicating a transmission instruction using an MPCP message.

  As a next-generation technology of GE-PON, which is an EPON that realizes a communication speed of 1 gigabit / second, there is 10G-EPON standardized as IEEE 802.3av (registered trademark) -2009. 10G-EPON is an EPON with a communication speed equivalent to 10 gigabits / second. Even in 10G-EPON, the access control protocol is based on MPCP.

  In PON, an optical signal transmitted from a station-side device basically reaches all subordinate ONUs, so an encryption function for protecting user data and the like is required. Furthermore, an optical signal transmitted from the ONU also requires an encryption function in order to prevent spoofing and prevent communication contents from being exposed due to interception of reflected light. As an example of such an encryption function, for example, IEEE Std 802.1AE (registered trademark) -2006 (Non-Patent Document 2) includes a technique for encrypting user data using a SAK (Secure Association Key) or the like. It is disclosed.

  In general, in a network service for business, in order to provide a high-quality service, system duplication (redundancy) is essential. Also, a highly reliable system can be provided by using a duplex system in an audio / video distribution service. In the redundant system, a redundant configuration is adopted in which each of the devices, components, and network has an active system and a standby system as required. When a failure occurs in a part of the operating system, it is possible to make the system stop time due to the failure as short as possible by performing redundant switching from the active system to the standby system. In this case, the ONU needs to detect that redundancy switching has been performed in the station side device.

IEEE Std 802.3ah-2004 IEEE Std 802.1AE-2006

  The station side device transmits a data frame (downlink data frame) including the encrypted user data to the home side device. When redundancy switching is performed inside the station side device, switching of the encryption device may occur. However, when the home device detects the switching of the encryption device in the station side device and executes the processing corresponding to the switching, smooth encryption communication is continued between the station side device and the home device. It can be difficult. Furthermore, in order for such processing to be performed by the home-side device, the processing of the home-side device becomes complicated, which may increase the circuit scale of the home-side device.

  An object of the present invention is to provide a technique for enabling encrypted communication to continue smoothly while switching encryption devices in a station-side apparatus.

  A station apparatus according to an aspect of the present invention is a station apparatus that performs encrypted communication through an optical line. The station-side apparatus includes a first cryptographic device and a second cryptographic device that can be switched between the first cryptographic device. In switching between the first cryptographic device and the second cryptographic device, the station side device changes the system identifier included in the channel identifier used for encrypted communication from the switching source cryptographic device to the switching destination cryptographic device. take over.

  A PON system according to another aspect of the present invention includes a station-side device, a home-side device, and an optical line that connects the station-side device and the home-side device. The station-side device includes a first encryption device for performing encrypted communication with the home-side device and a second encryption device that can be switched between the first encryption device. In switching between the first cryptographic device and the second cryptographic device, the station side device changes the system identifier included in the channel identifier used for encrypted communication from the switching source cryptographic device to the switching destination cryptographic device. take over.

  The station side apparatus control method according to another aspect of the present invention includes a first encryption device and a second encryption device that can be switched between the first encryption device and encrypted communication through an optical line. A control method of the station side device for performing encrypted communication with a switching source cryptographic device of the first cryptographic device and the second cryptographic device, and the first cryptographic device and the second cryptographic device. Switching between the cryptographic device and transferring the system identifier included in the channel identifier used for encrypted communication from the switching source cryptographic device to the switching destination cryptographic device; the first cryptographic device and the second cryptographic device; And performing encrypted communication with the encryption device that is the switching destination among the encryption devices.

  According to the present invention, encrypted communication can be continued smoothly even when the encryption device is switched in the station side device.

It is a block diagram which shows schematic structure of the PON system which concerns on Embodiment 1 of this invention. 3 is a sequence chart for explaining an outline of processing performed in the PON system 302 according to the first embodiment. It is a figure which shows the structure of OSU12 in a station side apparatus. 2 is a diagram illustrating a configuration of an ONU 202. FIG. It is a figure which shows the structure of the encryption device 40 (PON control part 36 and encryption part 30) contained in OSU12. It is a figure for demonstrating an example of a structure of a downlink data frame. It is a figure for demonstrating the frame format of an EAPOL-MKA frame defined by IEEE802.1X. FIG. 8 is a diagram illustrating a structure of a Basic Parameter Set illustrated in FIG. 7. FIG. 3 is a diagram illustrating configurations of a control unit 29 and a decoding unit 20 in the ONU 202. It is a schematic diagram explaining the structure considered to be general of OLT provided with several OSU. In IEEE802.1X, it is a figure explaining the procedure in the case of starting encryption communication by a certain secure channel (secure path | route). 2 is a schematic diagram illustrating a configuration of an OLT according to Embodiment 1. FIG. FIG. 3 is a schematic diagram illustrating an example of data transfer from an active OSU to a standby OSU. It is a figure for demonstrating in detail the sequence shown in FIG. 6 is a diagram showing a configuration example of a decoding parameter management table according to Embodiment 1. FIG. 6 is a diagram showing an example of key registration in a decryption parameter management table 60 according to Embodiment 1. FIG. It is the figure which showed an example of the setting of PN in the decoding parameter management table 60 which concerns on Embodiment 1. FIG. 10 is a sequence chart for explaining an outline of processing performed in the PON system 302 according to the second embodiment. FIG. 10 is a diagram illustrating an example of key registration in a decryption parameter management table 60 according to the second embodiment. It is the figure which showed an example of the setting of PN in the decoding parameter management table 60 which concerns on Embodiment 2. FIG.

[Description of Embodiment of Present Invention]
First, embodiments of the present invention will be listed and described.

  (1) A station apparatus according to an embodiment of the present invention is a station apparatus that performs encrypted communication through an optical line. The station-side apparatus includes a first cryptographic device and a second cryptographic device that can be switched between the first cryptographic device. In switching between the first cryptographic device and the second cryptographic device, the station side device changes the system identifier included in the channel identifier used for encrypted communication from the switching source cryptographic device to the switching destination cryptographic device. take over.

  According to the above configuration, encrypted communication can be continued smoothly even when the encryption device is switched in the station side apparatus. When the cryptographic device is switched, if the system identifier included in the channel identifier is changed, it is necessary for the home side device to detect, for example, a change in the system identifier and to execute various processes associated with the change. There is a possibility that encrypted communication may be temporarily stopped by executing these processes. According to the above configuration, even when the cryptographic device is switched, the system identifier included in the channel identifier is not changed. Therefore, the home side device does not have to temporarily stop the encrypted communication.

  “Switching between the first cryptographic device and the second cryptographic device” includes switching from the first cryptographic device to the second cryptographic device and switching from the second cryptographic device to the first cryptographic device. Either of them may be used.

  “Takeover” means that the information possessed by the switching source cryptographic device matches the information possessed by the switching destination cryptographic device. Therefore, the timing and method of taking over are not limited. Further, “takeover” is not limited to changing information held by the switching destination cryptographic device with information held by the switching source cryptographic device. Before switching, the switching destination encryption device may have the same information as the switching source encryption device.

  An apparatus and a method for controlling “takeover” are not particularly limited. For example, the switching source encryption device may transmit information to the switching destination encryption device. Conversely, the switching destination encryption device may acquire information from the switching source encryption device. Furthermore, another device different from the first cryptographic device and the second cryptographic device may mediate transmission of information between the switching source cryptographic device and the switching destination cryptographic device. This device may be, for example, a control device mounted on the station side device or a control device provided outside the station side device.

  (2) Preferably, the system identifier is set to a physical address of an encryption device that performs encrypted communication among the first encryption device and the second encryption device. By switching, the switching source cryptographic device takes over the physical address to the switching destination cryptographic device.

  According to the above configuration, when the system identifier is a physical address of the cryptographic device (for example, a MAC (Media Access Control) address), the system identifier is not changed before and after switching of the cryptographic device (the system identifier is inherited). Therefore, encrypted communication can be continued smoothly.

  (3) Preferably, the first cryptographic device and the second cryptographic device have unique physical addresses. The system identifier is set to an address that is common between the switching source cryptographic device and the switching destination cryptographic device and is different from the unique physical address.

  According to the above configuration, even if the physical addresses (for example, MAC addresses) of the first cryptographic device and the second cryptographic device are different, the system identifier is not changed before and after switching of the cryptographic device (the system identifier is taken over). ) Therefore, encrypted communication can be continued smoothly.

  (4) Preferably, the switching-source encryption device executes a process for discovery related to encrypted communication when the home-side device is linked up to the optical line to which the station-side device is connected, When switching between the second cryptographic devices occurs, the switching-destination cryptographic device does not execute a process for discovery with the home device.

  According to the above configuration, even when the encryption device is switched, the encrypted communication is not temporarily stopped by the discovery process. Therefore, encrypted communication can be continued smoothly.

  (5) Preferably, the switching-destination encryption device takes over the encryption key used by the switching-source encryption device in encrypted communication.

  According to the above configuration, the encryption key is not changed even when the encryption device is switched. Therefore, it is not necessary for the station side device to prepare a new encryption key when the encryption device is switched. Therefore, encrypted communication can be continued smoothly.

  (6) A PON system according to another embodiment of the present invention includes a station-side device, a home-side device, and an optical line that connects the station-side device and the home-side device. The station-side device includes a first encryption device for performing encrypted communication with the home-side device and a second encryption device that can be switched between the first encryption device. In switching between the first cryptographic device and the second cryptographic device, the station side device changes the system identifier included in the channel identifier used for encrypted communication from the switching source cryptographic device to the switching destination cryptographic device. take over.

  According to the above configuration, encrypted communication can be continued smoothly even when the encryption device is switched in the station side apparatus.

  (7) In still another embodiment of the present invention, the station-side apparatus includes a first encryption device and a second encryption device that can be switched between the first encryption device and an optical line. Perform encrypted communication. The station side device control method includes a step (SQ6) of performing encrypted communication with a switching source encryption device of the first encryption device and the second encryption device, and the first encryption device and the second encryption device. A step of switching (SQ8) the system identifier included in the channel identifier used for encrypted communication from the switching source encryption device to the switching destination encryption device, and the first encryption device; A step (SQ14) of performing encrypted communication with a switching destination encryption device of the second encryption device.

  According to the above configuration, encrypted communication can be continued smoothly even when the encryption device is switched in the station side apparatus.

[Details of the embodiment of the present invention]
Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

  Further, in the description of the embodiment of the present invention, the term “sequence” can be read as “step”. Furthermore, a “sequence” can be included in a “step”. That is, in the following description, an example of the order of the plurality of processes is shown. Some processes are not limited to be performed according to the described order.

<Embodiment 1>
FIG. 1 is a block diagram showing a schematic configuration of a PON system according to Embodiment 1 of the present invention. Referring to FIG. 1, a PON system 302 includes a station side device (OLT) 101 and N (N is an integer of 2 or more, the same applies hereinafter) PON lines 203_1 to 203_N, which are optical lines made of optical fibers N optical couplers 204 </ b> _ <b> 1 to 204 </ b> _N and a plurality of residential units (ONUs) 202 are provided. The OLT 101 includes optical line units (hereinafter also referred to as OSUs (Optical Subscriber Units)) 12_1 to 12_N + 1, a concentrator 13, an optical switch 14, and an overall controller 11 that performs overall control of the OLT 101. The OSU includes an encryption device for encrypted communication.

  In the PON system 302, each PON line is, for example, 10G-EPON. The uplink corresponds to Ethernet (registered trademark) that realizes a communication speed of 10 gigabits / second, for example. Also, ONU registration, withdrawal, bandwidth allocation to the ONU, and bandwidth request from the ONU are performed by the MPCP frame.

  In the following description, the direction from the home side device to the higher level network (hereinafter also referred to as “uplink”) is referred to as the uplink direction. On the other hand, the direction from the uplink to the home device is referred to as the downlink direction.

  The OLT 101 accommodates a plurality of PON lines corresponding to 10G-EPON. One or a plurality of ONUs are connected to one PON line. The OLT 101 multiplexes data from these PON lines to an uplink having one or a plurality of communication lines. Further, the OLT 101 distributes data from the uplink and transmits it to each ONU in each PON line. Furthermore, the OLT 101 allocates the upstream band and downstream band of the PON line to each ONU. For example, the upstream optical signal from each ONU to the OLT 101 is a burst signal, and the downstream optical signal from the OLT 101 to each ONU is a continuous signal. In the PON system 302, optical signals from each ONU to the OLT 101 are time-division multiplexed.

  Specifically, the OLT 101 is connected to N PON lines 203_1 to 203_N and terminates the N PON lines. The OSU is a structural unit of the OLT 101 and terminates the PON line by, for example, one integrated circuit. In the present embodiment, each OSU is provided corresponding to a PON line, and transmits / receives a frame to / from one or more ONUs connected to the corresponding PON line. The PON lines 203_1 to 203_N are connected to the optical couplers 204_1 to 204_N, respectively, and are connected to the respective ONUs 202 through these optical couplers.

  The OLT 101 has, for example, an N: 1 redundant configuration. That is, in one aspect, out of N + 1 OSUs, N OSUs 12_1 to 12_N function as active (active) OSUs, and OSU12_N + 1 functions as a standby (standby) OSU. That is, the station side device has at least two OSUs that can be switched. In other words, the station side device has at least two switchable encryption devices.

  It is not limited that the specific OSU is predetermined as the standby OSU. An OSU that is not connected to the PON line may be used as an OSU for future switching. Further, the OLT 101 may include two or more standby OSUs.

  The overall control unit 11 performs control to switch the OSU 12 that should transmit / receive a frame to / from the ONU 202 between the active OSU 12 and the standby OSU 12.

  The optical switch 14 switches communication paths between the N + 1 OSUs 12_1 to 12_N + 1 and the N PON lines 203-1 to 203-N in accordance with instructions from the overall control unit 11.

  The concentrator 13 transmits the uplink frame received from each ONU via the plurality of OSUs to the uplink. Specifically, the concentrator 13 multiplexes the uplink frames from the OSUs 12_1 to 12_N + 1 and transmits them to the uplink, and performs a process of distributing the downlink frames received from the uplink to appropriate OSUs.

  In the following, an OSU that functions as an active OSU is referred to as an “active OSU”, and an OSU that functions as a standby OSU is referred to as a “standby OSU”.

  In the PON system 302, user data is encrypted in order to protect user data included in the downlink data frame. Encryption of the PON system 302 is defined by IEEE 802.1AE (“Media Access Control (MAC) Security”). IEEE 802.1AE is called “MACsec”.

  In addition, IEEE 802.1AE supports Replay Protection. Replay protection can also be invalidated by configuration.

  “Replay Protection” is a function for preventing a playback attack (a copy attack is made by copying a frame or a processing load is increased by sending a large number of copy frames). Specifically, “Replay Protection” increases (increments) a predetermined value each time a transmission side device (OSU) transmits a downlink data frame in which a user data portion is encrypted. A packet number (PN) is assigned. The receiving device (ONU) detects an illegally copied downlink data frame based on the packet number, and discards the downlink data frame. The criteria for determining whether or not to discard the downstream data frame will be described later.

  FIG. 2 is a sequence chart for explaining an outline of processing performed in the PON system 302 according to the first embodiment. Specifically, FIG. 2 is a diagram illustrating an aspect in which switching is performed between OSU 12_1 and OSU 12_N + 1.

  Referring to FIG. 2, in sequence SQ2, OSU 12_N + 1 starts to function as a standby OSU. In sequence SQ4, the OSU 12_1 starts to function as the active OSU.

  In sequence SQ6, the OUS12_1 transmits a downlink data frame to the ONU 202. More specifically, the OSU 12_1 (in other words, the encryption device before switching) performs encrypted communication with the OLT 202. Although details will be described later, the encrypted downlink data frame includes at least encrypted user data and a tag indicating that it is an encrypted frame.

  In sequence SQ8, redundancy switching is performed between OSU 12_1 and OSU 12_N + 1 based on the occurrence of an event for which redundancy switching should be performed. At this time, the SCI is taken over from the switching source cryptographic device (OSU12_1) to the switching destination cryptographic device (OSU12_N).

  In sequence SQ10, OSU12_N + 1 starts to function as the active OSU. In the sequence SQ12, the OSU 12_1 starts to function as the standby OSU. In sequence SQ <b> 14, OSU <b> 12 </ b> _N + 1 (in other words, the switching destination encryption device) performs encrypted communication with ONU 202 and transmits a downlink data frame to ONU 202.

  According to the embodiment of the present invention, at the time of switching (redundancy switching), the SCI is taken over from the switching source cryptographic device to the switching destination cryptographic device. The SCI includes a system identifier described later. As a result, the ONU 202 can continue the cryptographic communication with the OLT 101 without being aware of the switching of the cryptographic device in the OLT 101. Therefore, according to the embodiment of the present invention, smooth encrypted communication can be continued between the OLT 101 and the ONU 202.

  FIG. 3 is a diagram showing the configuration of the OSU 12 in the station side device. Referring to FIG. 3, OSU 12 includes encryption unit 30, line concentration IF (Interface) unit 31, control IF unit 32, reception processing unit 33, transmission processing unit 34, PON transmission / reception unit 35, and PON control. The unit 36 includes a FIFO 37 that accumulates upstream frames, and a FIFO 38 that accumulates downstream frames. The PON transmission / reception unit 35 and the transmission processing unit 34 constitute a transmission unit of the OSU 12. The PON control unit 36 and the control IF unit 32 constitute a notification unit of the OSU 12.

  In the OLT 101, a clock for operating each unit in the OSU 12 is generated. The OSU 12 generates time information, that is, a time stamp according to the timing of this clock, and transmits / receives a frame according to the time stamp. The OSU 12 also includes a time stamp in the control frame and transmits it to each subordinate ONU 202. The ONU 202 operates according to the time stamp. The ONU 202 adjusts its own time stamp based on the time stamp included in the control frame from the OSU 12.

  The PON transmission / reception unit 35 is connected to one optical fiber, which is a PON line, via the optical switch 14 as a master station side starting point of the PON line. The PON transmitter / receiver 35 receives an upstream optical signal of a specific wavelength, for example, a 1310 nm band, and converts it into an electrical signal so that bidirectional communication can be performed with each ONU via the optical fiber, and then converts it into an electrical signal. In addition to outputting, the electrical signal received from the transmission processing unit 34 is converted into a downstream optical signal of another wavelength and transmitted. For example, the PON transmission / reception unit 35 converts a 10 Gbps electrical signal received from the transmission processing unit 34 into a downstream optical signal in the 1570 nm band and transmits the converted signal.

  The reception processing unit 33 reconstructs a frame from the electrical signal received from the PON transmission / reception unit 35 and distributes the frame to the PON control unit 36 or the FIFO 37 according to the type of the frame. Specifically, the data frame is output to the FIFO 37 and the control frame is output to the PON control unit 36.

  The reception processing unit 33 may receive grant information indicating when to receive a frame from which logical link from the transmission processing unit 34, and output a control signal for supporting burst reception to the PON transmission / reception unit 35. Further, the reception processing unit 33 may receive this grant information and filter, that is, discard, a received frame that is not indicated in the grant information.

  The concentrating IF unit 31 outputs the upstream frame received from the FIFO 37 to the concentrating unit 13. When receiving the control frame from the PON control unit 36, the concentration IF unit 31 outputs the control frame to the concentration unit 13 with priority over the frame from the FIFO 37 between the frame sequences from the FIFO 37. When receiving the frame from the line concentrator 13, the line concentrator IF 31 outputs the frame to the FIFO 38 when the frame is a normal data frame, and outputs the frame to the PON controller 36 when the frame is a control frame.

  The encryption unit 30 encrypts the data frame received from the FIFO 38. The encryption unit 30 outputs the encrypted data frame and the control frame received from the PON control unit 36 to the transmission processing unit 34.

  The transmission processing unit 34 receives the data frame and the control frame output from the encryption unit 30 according to the priority order, and outputs them to the PON transmission / reception unit 35.

  The PON control unit 36 performs station-side processing related to control and management of the PON line such as MPCP and OAM. That is, the PON control unit 36 exchanges each ONU connected to the PON line with an MPCP message and an OAM message, thereby performing upstream access control including downstream registration, leaving and bandwidth allocation, ONU control, and ONU. Management of ONU operations including sleep instructions to Note that these control messages are usually not subject to encryption.

  For example, the PON control unit 36 allocates the upstream bandwidth in the PON line to each ONU 202 based on the upstream bandwidth allocation request in the PON line received from each ONU 202. Specifically, the PON control unit 36 allocates a bandwidth in the PON line to the ONU 202 based on a report frame indicating a bandwidth allocation request in the PON line received from the ONU 202, that is, transmits a gate frame in which a grant is written to the ONU 202. To do. The PON control unit 36 notifies the ONU 202 of the transmission start timing and the transmittable data length to the ONU 202 using the gate frame.

  Based on an instruction from the overall control unit 11, the control IF unit 32 performs settings in the concentrating IF unit 31, the reception processing unit 33, the transmission processing unit 34, and the PON control unit 36, and sets the status of each unit as a whole. Notify the control unit 11. Further, when an abnormality occurs in each of these units, the state of the unit in which the abnormality has occurred is notified to the overall control unit 11 without depending on an instruction from the overall control unit 11. The overall control unit 11 performs redundant switching of the OSU 12 based on such information, for example. Setting and status notification for the PON transceiver 35 are performed via the reception processor 33. The setting and status notification for the encryption unit 30 is performed via the PON control unit 36.

  The encryption device 40 includes a PON control unit 36 and an encryption unit 30. For example, the cryptographic device 40 is realized by one integrated circuit. This integrated circuit may further include units other than the PON control unit 36 and the encryption unit 30 in the OSU 12. A unique MAC address is assigned to the cryptographic device 40.

  FIG. 4 is a diagram showing the configuration of the ONU 202. Referring to FIG. 4, the ONU 202 includes a decoding unit 20, a PON port 21, an optical reception processing unit 22, a buffer memory 23, a transmission processing unit 24, a UNI (User Network Interface) port 25, and a reception process. Unit 26, buffer memory 27, optical transmission processing unit 28, and control unit 29. The PON port 21 and the optical reception processing unit 22 constitute a reception unit.

  The receiving unit receives various frames transmitted from the OLT 101. For example, the receiving unit receives a frame including encrypted data obtained by encrypting user data and a secure tag of the encrypted data. More specifically, the PON port 21 receives a downstream optical signal transmitted from the OLT 101. The optical reception processing unit 22 converts the downstream optical signal received via the PON port 21 into an electrical signal, reconstructs a frame from the electrical signal, and outputs the frame.

  The decoding unit 20 decodes the frame received from the optical reception processing unit 22. The decoding unit 20 distributes the frame to the control unit 29 or the transmission processing unit 24 according to the type of frame. Specifically, the decoding unit 20 outputs the decoded data frame to the transmission processing unit 24 via the buffer memory 23, and outputs the control frame received from the optical reception processing unit 22 to the control unit 29.

  The transmission processing unit 24 transmits the data frame received from the decoding unit 20 to a user terminal such as a personal computer (not shown) via the UNI port 25.

  The reception processing unit 26 outputs the data frame received from the user terminal via the UNI port 25 to the optical transmission processing unit 28 via the buffer memory 27.

  The control unit 29 performs home-side processing related to control and management of the PON line such as MPCP, OAM, and MKA. That is, various controls such as access control are performed by exchanging MPCP messages, OAM messages, and MKA messages with the OLT 101 connected to the PON line. The control unit 29 generates a control frame including various control information and outputs it to the optical transmission processing unit 28 via the buffer memory 27.

  The optical transmission processing unit 28 converts the data frame received from the reception processing unit 26 and the control frame received from the control unit 29 into an optical signal, and transmits the optical signal to the OLT 101 via the PON port 21.

  FIG. 5 is a diagram illustrating a configuration of the encryption device 40 (PON control unit 36 and encryption unit 30) included in the OSU 12. Referring to FIG. 5, PON control unit 36 includes a frame creation unit 71, a key update unit 72, an SCI creation unit 73, and a switching processing unit 74. The encryption unit 30 includes a frame type identification unit 61, a storage unit 62, an encryptor 63, a multiplexer 64, a key selection unit 65, and an SCI selection unit 66. The storage unit 62 may be included in the PON control unit 36, or the storage area may be divided and included in the encryption unit 30 and the PON control unit 36.

  In the encryption unit 30, the storage unit 62 stores an encryption key (also referred to as “key” or “encryption key”) used before redundant switching between the active OSU and the standby OSU. More specifically, the storage unit 62 stores encryption information such as the key management table 70 and SCI for each logical link identifier (LLID).

  In the PON control unit 36, the key update unit 72 acquires an encryption key necessary for encrypted communication with each ONU 202 under its own OSU 12, for example, for each LLID, and stores the acquired encryption key in the storage unit 62. To do. Note that not only one ONU 202 corresponds to one LLID, but one ONU 202 may correspond to a plurality of LLIDs.

  More specifically, the key update unit 72 creates a key management table 70 indicating a correspondence relationship between a secure communication identification number (Secure Association Number) and an encryption key such as SAK for each LLID, and stores it in the storage unit 62. . In the key management table 70, a protected communication identification number (AN), an encryption key such as SAK, and a packet number (PN) are registered.

  Here, the protected communication identification number is, for example, an association number (AN) in Non-Patent Document 2. The association number is 2-bit data, and it is possible to register protected communication corresponding to four different keys for one LLID.

  Further, the present embodiment is applicable not only when the key is a unicast key but also when the key is a broadcast key and a multicast key.

  The SCI creation unit 73 creates channel information based on the identification information of the own OSU 12 and the identification information of the ONU 202 that is the transmission destination of the frame. For example, the SCI creation unit 73 creates an SCI (Secure Channel Identifier) in Non-Patent Document 2 as channel information.

  The SCI is composed of a system identifier and a port number. Specifically, the system identifier is a MAC (Medium Access Control) address (unique physical address) unique in the world of the encryption source of the frame, and the port number is a number that is not duplicated in the system, for example, LLID. The SCI creation unit 73 creates an SCI for each LLID and stores it in the storage unit 62.

  The frame creation unit 71 creates and outputs control frames such as MPCP frames such as gate frames, OAM frames, extended MAC frames, and MKA frames.

  In the encryption unit 30, the frame type identification unit 61 confirms the contents of the type field in the frame received from the FIFO 38 and the frame creation unit 71 and determines the frame to be encrypted. Specifically, for example, the frame type identification unit 61 outputs a data frame to the encryptor 63 and outputs a control frame to the multiplexer 64.

  The encryptor 63 encrypts the user data included in the data frame received from the frame type identifying unit 61 using an encryption key and SCI according to a method described in Non-Patent Document 2, for example.

  The multiplexer 64 multiplexes the data frame encrypted by the encryptor 63 and the control frame received from the frame type identification unit 61 and outputs the multiplexed data frame to the transmission processing unit 34.

  In the PON control unit 36, the switching processing unit 74 displays, for example, switching control information indicating the timing of OSU redundancy switching and whether the own OSU 12 is a switching source or a switching destination via the control IF unit 32. Get from. The switching processing unit 74 outputs the switching control information to the key selection unit 65, the SCI selection unit 66, the encryptor 63, and the frame creation unit 71.

  The frame creation unit 71 in the switching source cryptographic device 40 generates a control frame whose destination is the ONU 202 communicating with its own OSU 12 to notify the MAC address indicated by the switching control information received from the switching processing unit 74. To the frame type identification unit 61. This control frame is, for example, an MKA frame or an extended OAM frame.

  The key selection unit 65 in the switching destination encryption device 40 selects an association number to be included in the data frame based on the switching control information received from the switching processing unit 74, and keys the encryption key corresponding to the selected association number. Obtained from the management table 70 and outputs the association number and the encryption key to the encryptor 63.

  The SCI selection unit 66 selects an association number to be included in the data frame based on the switching control information received from the switching processing unit 74, acquires the SCI corresponding to the selected association number from the key management table 70, and The association number and the SCI are output to the encryptor 63.

  FIG. 6 is a diagram for explaining an example of a configuration of a downlink data frame. FIG. 6A shows an Ethernet frame format before applying MACsec. FIG. 6B is a diagram showing an Ethernet frame format after applying MACsec. That is, FIG. 6B is a diagram showing the format of the downlink data frame. More specifically, FIG. 6B is a diagram for explaining the format of the secure tag in the downlink data frame. FIG. 6C is a diagram for mainly explaining the configuration of the SCI.

  Referring to FIG. 6A, in the Ether frame format before applying MACsec, a field into which a transmission destination address (DA) is inserted, a field into which a transmission source address (SA) is inserted, and user data are inserted. Field.

  Referring to FIG. 6B, in the downlink data frame, a field into which a transmission destination address (DA) is inserted, a field into which a transmission source address (SA) is inserted, and a security tag (secure tag) are inserted. A field into which encrypted data obtained by encrypting user data is inserted, and a field into which ICV (Integrity Check Value) is inserted.

  The secure tag includes a field in which MACsec Ethertype is inserted, a field in which TCI (TAG control information) is inserted, a field in which SL (Short length) is inserted, and a field in which AN (Association Number) is inserted. And a field into which a PN (Packet Number) is inserted.

  When the security tag (Sec TAG) attached to the encryption frame is a long tag, as shown in FIG. 6, the security tag includes SCI. Security tags include AN and PN, but SCI is optional. Accordingly, there is a possibility that a security tag (short tag) that does not include the SCI is attached to the encryption frame.

  MACsec Ethertype is a 2-octet field indicating that MACsec is used. The TCI is a 6-bit field including a V bit indicating the MACsec version, an SC bit indicating the presence of the SCI field, an E bit indicating the presence / absence of encryption, and the like. AN is a 2-bit field for identifying SA in the same SC. That is, the SC is composed of a maximum of four SAs.

  In SL, when the length of encrypted data (secure data) is less than 48 octets, the length (octet) is entered. In the case of 48 octets or more, 0 is entered in SL.

  The PN is a 4-octet field in which a unique ID for identifying a packet transmitted with the same SA is entered. PN is a packet number for identifying a frame. Each time one encrypted frame is transmitted, PN is incremented. The ONU receives the encrypted frame and confirms the PN. A frame having a PN that is smaller than the threshold by the PN of the previously received frame is discarded. This function is called a “Replay Protection” function. Although replay protection is an option, it is normally set to enable.

  When the E bit of the TCI field is 1, user data is encrypted. DA, SA, secure tag, and encrypted data are within the range of message authentication.

  The SCI is an 8-octet field that exists when the SC bit of the TCI is 1. The SCI is used to identify the SC.

  Referring to FIG. 5 again, the encryptor 63 sets the association number received from the key selection unit 65 or the SCI selection unit 66, the SCI received from the SCI selection unit 66, and the like in the security tag, and the packet number in the security tag. Set. In addition, the encryptor 63 encrypts the user data included in the data frame received from the frame type identification unit 61 using the encryption key received from the key selection unit 65 and the SCI received from the SCI selection unit 66.

  The encryptor 63 performs an operation of transmitting a tag (long tag) including the SCI as a secure tag in addition to the association number (AN) and the packet number (PN).

  Referring to FIG. 6C, SAI (Secure Association Number) includes SCI and AN. As described above, the SCI includes a system identifier (hereinafter also referred to as “System ID”) and a port number. The field into which the system identifier is inserted is a 6-octet field. The field into which the port number is inserted is a 2 octet field.

  When the long tag is selected, the ONU 202 can acquire the SCI from the encryption frame. However, when the short tag is selected, the ONU 202 cannot determine the SCI directly from the encryption frame. In this case, the ONU 202 can receive, for example, an encryption key distribution control frame (for example, an EAPOL-MKA frame) and acquire the SCI included in the control frame.

  FIG. 7 is a diagram for explaining the frame format of the EAPOL-MKA frame defined in IEEE 802.1X. Referring to FIG. 7, the MAC address of the encryption device is entered in the MAC SA field. A case where a MAC address different from the encryption device is used as the SCI System ID is also conceivable. In this case, however, it is appropriate that the MAC address of the encryption device is entered in the MAC SA field.

  Packet Body is a variable-length field, and can store a plurality of parameter sets (Parameter Set). Here, Basic Parameter is an essential parameter set.

  FIG. 8 is a diagram showing the structure of the Basic Parameter Set shown in FIG. Referring to FIG. 8, Basic Parameter Set includes an SCI field in which SCI is stored.

  FIG. 9 is a diagram illustrating the configuration of the control unit 29 and the decoding unit 20 in the ONU 202. Referring to FIG. 9, decryption unit 20 includes decryption unit 51, storage unit 52, SCI selection unit 53, key selection unit 54, association number extraction unit 55, PN selection unit 56, and frame type identification. Part 57.

  The control unit 29 includes a key update unit 81, an SCI creation unit 82, a switching processing unit 83, a control frame processing unit 85, a data frame processing unit 86, and a PN setting unit 87. The data frame processing unit 86 includes a data frame discarding unit 862.

  A part or all of the units in the control unit 29 and the decoding unit 20 are realized by, for example, one integrated circuit as a home-side control unit. This integrated circuit may further include units other than the control unit 29 and the decoding unit 20 in the ONU 202. The storage unit 52 may be included in the control unit 29, or the storage area may be divided and included in the control unit 29 and the decoding unit 20.

  In the decryption unit 20, the storage unit 52 stores a decryption key that is a decryption key used before redundant switching between the active OSU and the standby OSU. More specifically, the storage unit 52 stores encryption information such as a decryption parameter management table 60 and a port number.

  In the control unit 29, the key update unit 81 acquires a decryption key necessary for encrypted communication with the OSU 12 and stores the acquired decryption key in the storage unit 52.

  The SCI creation unit 82 creates channel information based on the identification information of its own ONU 202 and the identification information of the OSU 12 that is the encryption source of the frame. For example, the SCI creation unit 82 creates an SCI (Secure Channel Identifier) in Non-Patent Document 2 as channel information and stores it in the storage unit 52. In this case, as described above, the identification information of the own ONU 202 is the LLID, and the identification information of the OSU 12 that is the encryption source of the frame is the MAC address.

  The key update unit 81 and the SCI creation unit 82 create a decryption parameter management table 60 indicating the correspondence between the protected communication identification number, the decryption key such as SAK, and the SCI, and store the decryption parameter management table 60 in the storage unit 52. For example, the decryption parameter management table 60 includes a protected communication identification number (AN), an encryption key such as SAK, a packet number (PN), and an SCI used before redundant switching between the active OSU and the standby OSU. Is registered.

  In the decoding unit 20, the frame type identification unit 57 confirms the contents of the type field in the frame received from the optical reception processing unit 22 and determines the frame to be decoded. Specifically, for example, the frame type identification unit 57 outputs the data frame to the data frame processing unit 86 and the association number extraction unit 55, and outputs the control frame to the control unit 29.

  The data frame processing unit 86 performs processing based on the content of the secure tag in the downlink data frame and outputs the downlink data frame to the decoder 51. The PN setting unit 87 sets a PN value in the decryption parameter management table 60.

  The decryptor 51 decrypts the user data included in the data frame received from the data frame processing unit 86 using the decryption key and the SCI, for example, according to the method described in Non-Patent Document 2, and outputs the decrypted data to the buffer memory 23. .

  More specifically, the decoder 51 obtains a decryption key corresponding to the protected communication identification number extracted by the association number extraction unit 55 by referring to the decryption parameter management table 60 by the key selection unit 54, The obtained decryption key is used for decrypting the data frame.

  Association number extraction unit 55 extracts the association number included in the data frame received from frame type identification unit 57 and outputs the extracted association number to SCI selection unit 53 and key selection unit 54. Further, the association number extraction unit 55 detects a change in the association number in the security tag of the data frame and notifies the switching processing unit 83 of the detection result.

  The key selection unit 54 acquires the decryption key corresponding to the association number received from the association number extraction unit 55 from the decryption parameter management table 60, and outputs the association number and the decryption key to the decoder 51.

  The SCI selection unit 53 acquires the SCI corresponding to the association number received from the association number extraction unit 55 from the decoding parameter management table 60, and outputs the association number and the SCI to the decoder 51.

  The decoder 51 uses the decryption key received from the key selection unit 54 and the SCI received from the SCI selection unit 53 to decode the user data included in the data frame received from the frame type identification unit 57, and the buffer memory 23. Output to.

  In the control unit 29, the control frame processing unit 85 analyzes the control frame received from the frame type identification unit 57, and performs various controls such as access control based on the analysis result.

  FIG. 10 is a schematic diagram for explaining a general configuration of an OLT including a plurality of OSUs. Referring to FIG. 10, the OLT 101 includes, for example, three OSUs (OSUs 12_a to 12_c). The OSUs 12_a and 12_b terminate the PON lines 203_a and 203_b, respectively.

  The MAC control device of each OSU can be called an encryption device because it also performs encryption processing. In general, the MAC address is different for each MAC control device, that is, for each cryptographic device. Therefore, also in the OLT 101 that supports redundant switching, the MAC address is different for each OSU. In FIG. 10, the MAC addresses of the OSUs 12_a to 12_c are indicated as “A”, “B”, and “C”, respectively.

  In one example, the OSU that terminates the PON line 203_b is switched from the OSU 12_b to the OSU 12_c. Along with this switching, the MAC address of the encryption device changes. The system ID included in the SCI changes with the switching of the cryptographic device (change of the MAC address). Processing accompanying this change occurs between the OSU and the ONU.

  FIG. 11 is a diagram for explaining a procedure for starting encrypted communication on a certain secure channel (secure route) in IEEE 802.1X. For comparison with the first embodiment, the same reference numerals as those in FIG. 2 are used as the reference numerals for indicating the sequences. Referring to FIG. 11, first, discovery (MKA Discovery) for finding a partner to perform secure communication on the channel is performed using the identifier (SCI) of the secure channel. Using the SCI, the station side device distributes the encryption key to the ONU, and then the encrypted communication is started.

  More specifically, first, the ONU is connected to the PON line (links up). The OSU 12_b executes MKA Discovery and finds a communication partner, that is, the ONU 202, using the SCI of a certain secure channel (this is referred to as “SCI_1”). That is, discovery is executed by the OSU 12_b and the ONU 202.

  Next, the OSU 12 — b distributes a key (referred to as “Key — 1”) to the ONU 202 using the SCI (SCI — 1). Thus, encrypted communication is started, and the ONU 202 can decrypt the data encrypted in the OSU 12_b.

  With redundancy switching, the OSU 12_c starts to function as the active OSU. In this case, the OSU 12_b starts to function as a standby OSU. The MAC address is switched by switching the OSU.

  The cryptographic device (OSU12_N + 1) after switching and the home device perform cryptographic communication using a secure channel (SC) different from that before switching. For this reason, in the standard (IEEE 802.1X), it is assumed that MKA Discovery is newly executed to find a communication partner, that is, ONU 202, using the new secure channel SCI (this is "SCI_2"). The That is, the MKA discovery is executed by the OSU 12_N + 1 and the ONU 202.

  The OSU 12_c distributes a key (referred to as “Key_2”) to the ONU 202 using the SCI (SCI_2). Thus, encrypted communication is started, and the ONU 202 can decrypt the data encrypted in the OSU 12_c.

  However, after the OSU redundancy switching, the MKA Discovery and the key distribution are performed, so that the encrypted communication is temporarily stopped. When the period during which communication is stopped becomes longer, a problem of communication quality degradation occurs.

  FIG. 12 is a schematic diagram illustrating the configuration of the OLT according to the first embodiment. Referring to FIG. 12, in the first embodiment, the SCI (especially System ID) is taken over between the switching source cryptographic device (OSU12_b) and the switching destination cryptographic device (OSU_12c).

  In one embodiment, the MAC address is shared between the switching source cryptographic device and the switching destination cryptographic device (the MAC address is B). The System ID included in the SCI is set to the MAC address of the encryption device. That is, the System ID is shared by the switching source cryptographic device and the switching destination cryptographic device.

  In the OLT 101, switching occurs between two cryptographic devices. In this switching, the system ID (in other words, the MAC address of the cryptographic device) included in the SCI used for encrypted communication is inherited from the switching source cryptographic device to the switching destination cryptographic device. However, since the MAC address is the same between the switching source encryption device and the switching destination encryption device, the System ID does not change.

  Since the System ID does not change when the encryption device is switched in the OLT 101, the ONU 202 can continue the encrypted communication. The ONU 202 does not require special processing such as detection of switching of encryption devices. Therefore, the ONU 2 does not require an additional circuit and program for executing processing different from normal processing.

  In another embodiment, the MAC address assigned to the cryptographic device is a unique address (a different address for each cryptographic device), and the System ID is common between the switching source cryptographic device and the switching destination cryptographic device. It can be an address. Also in this case, the System ID (in other words, the MAC address of the cryptographic device) is taken over between the switching source cryptographic device and the switching destination cryptographic device. Therefore, the ONU 202 can continue the encrypted communication.

  The switching source encryption device and the switching destination encryption device can take over the SCI upon switching. As a result, the MAC address can be shared between the switching source encryption device and the switching destination encryption device. For example, as described below, SCI can be taken over from the switching source cryptographic device to the switching destination cryptographic device by transferring data from the active OSU to the standby OSU.

  FIG. 13 is a schematic diagram illustrating an example of data transfer from the active OSU to the standby OSU. Referring to FIG. 13, the notification unit (PON control unit 36 and control IF unit 32) of active OSU 12 determines the AN of key management table 70 described in FIG. 5 for each port number (LLID in this embodiment). And the key are transferred to the standby OSU 12.

  The active OSU 12 transfers the key management table 70 to the standby OSU 12. The transfer timing is not particularly limited. For example, data may be transferred at the time of redundancy switching, and data may be transferred prior to redundancy switching. Even when redundancy switching from the active OSU 12 to the standby OSU 12 is performed, since the AN and the key have already been transferred to the standby OSU 12, rapid redundancy switching can be performed. Further, since the standby OSU 12 does not need to take over the PN, the time required for the redundancy switching can be shortened compared to the case where the PN is taken over.

  Similarly, the System ID is also taken over from the active OSU 12 to the standby OSU 12 at the time of redundancy switching, for example. Alternatively, a common System ID among a plurality of encryption devices may be set in advance. In this case, since it is not necessary to take over the System ID from the active OSU 12 to the standby OSU 12, the encrypted communication can be continued more smoothly.

  The ONU 202 (data frame processing unit 86) obtains the key (SAK) to be used for decryption of the encrypted frame and the lower limit value of the PN to be assigned to the frame (the value obtained by subtracting the threshold from the PN of the previously received frame). And Sec TAG AN. Therefore, if the PN is not succeeded correctly before and after the encryption device is switched, there arises a problem that the frame is discarded by the replay protection.

  If an attempt is made to accurately take over the PN from the switching source encryption device, there arises a problem that the time required for switching the encryption device increases. In the switching source optical line unit, first, the PN to be taken over must be determined. However, the PN to be taken over is determined after it is confirmed that the downstream queue (for example, FIFO 38) of the switching source optical line unit is empty. Therefore, before the downstream queue becomes empty, the switching source optical line unit cannot notify the switching destination optical line unit of an accurate PN.

  Further, after confirming that the downstream queue is empty, the switching source optical line unit needs to notify the switching source optical line unit of PNs corresponding to the number of ONUs connected to the optical line unit. is there. Therefore, the switching time increases due to such a reason.

  The ONU 202 identifies the key (SAK) to be used for decryption of the encrypted frame and the lower limit value of the PN to be assigned to the frame (the value obtained by subtracting the threshold from the PN of the previously received frame) by the AN of the SEC TAG. To do. Replay protection is not applied across ANs.

  Therefore, if the AN is changed before and after the encryption device is switched, it is possible to avoid discarding the frame due to the replay protection. The reason is that the lower limit value of the PN to be attached to the frame is not set for the encryption frame received by the ONU 202 first after the AN is renewed.

  According to IEEE 802.1AE, a security relationship (a relationship between members performing protected communication) is maintained without interruption while performing key exchange. This security relationship is established when a security relationship (secure association) protected by one key is replaced without interruption by key exchange. The number that identifies each secure association that forms this seamless security relationship is AN. That is, AN is a number for identifying a security relationship in a period during which a certain encryption key is used.

  According to IEEE 802.1AE, switching an AN is synonymous with exchanging keys. However, when the encryption key is exchanged, an encrypted communication stop period occurs. In this embodiment, the AN is changed but the key is not exchanged. Therefore, smooth encrypted communication can be continued.

  FIG. 14 is a diagram for explaining the sequence shown in FIG. 2 in more detail. Referring to FIG. 8, in sequence SQ6, OUS12_1 uses the encryption key (Key_1), association number (AN) (referred to as n), and SCI (referred to as SCI_1) to perform encrypted communication with ONU 202. To do.

  In sequence SQ8, redundancy switching (and SCI takeover) is performed between OSU 12_1 and OSU 12_N + 1. After redundancy switching, in sequence SQ10, OSU12_N + 1 starts to function as the active OSU. In the sequence SQ12, the OSU 12_1 starts to function as the standby OSU. In sequence SQ14, the OSU 12_N + 1 transmits the downlink data frame to the ONU 202.

  In the first embodiment, the SCI is shared between the switching source cryptographic device and the switching destination cryptographic device. Accordingly, the SCI is inherited between the switching source cryptographic device (OSU12_1) and the switching destination cryptographic device (OSU12_N + 1). As a result, the System ID is also inherited.

  The switching destination encryption device performs encrypted communication using the SCI and encryption key inherited from the switching source encryption device. Furthermore, even when the encryption device is switched, MKA Discovery is not executed between the encryption device to be switched and the ONU 202. Thereby, smooth encrypted communication can be realized. Note that AN is switched to n + 1. By switching the AN, the PN is reset. As a result, it is possible to avoid frame discard due to Reply Protection.

  On the ONU 202 side, it is necessary to prepare a key (Key_1) and an SCI (SCI_1) in advance for decryption of an encryption frame with AN = n + 1. The processing for this will be described below while showing the decoding parameter management table.

  FIG. 15 is a diagram illustrating a configuration example of a decoding parameter management table according to the first embodiment. Referring to FIGS. 9 and 15, decryption parameter management table 60 is a table for managing AN, key (encryption key), minimum allowable PN, and SCI. When the ONU 202 receives the encryption frame (see FIG. 6B), the ONU 202 acquires the value of the AN stored in the Sec TAG of the received encryption frame. For example, the association number extraction unit 55 extracts the AN value from the encryption frame. The key selection unit 54 refers to the decryption parameter management table 60 and acquires a key associated with the AN acquired by the association number extraction unit 55. Further, the PN selection unit 56 refers to the decryption parameter management table 60, and acquires the PN (minimum allowable PN) associated with the acquired AN by the association number extraction unit 55.

  In addition, when using a short tag for a security tag (Sec TAG), SCI used for decoding is also acquired from this table. On the other hand, when a long tag is used for SecTAG, the value of SCI in SecTAG can be used for decoding.

  FIG. 16 is a diagram showing an example of key registration in the decryption parameter management table 60 according to the first embodiment. Referring to FIG. 16, when ONU 202 is distributed with a key from OLT 101, ONU 202 (for example, key update unit 81 of control unit 29) sets the same key for the next AN.

  When a short tag is used for the Sec TAG, the SCI field in the designated AN row of the decryption parameter management table 60 stores the SCI stored in the control frame for key distribution (for example, the EAPOL-MKA frame). A copy of the value of is registered. Similarly, a copy of the SCI value stored in the key distribution control frame (for example, the EAPOL-MKA frame) is also registered in the SCI column of the next AN row.

  FIG. 16 shows a state in which the key Key_1 is distributed to the ONU 202 by specifying AN = 0 from the OSU of the OLT 101 as an example. In this case, a copy of the SCI value included in the control frame for distribution of the key Key_1 (for example, the EAPOL-MKA frame) is registered in the SCI column of the rows AN = 0 and AN = 1.

  For example, when AN = 3 is designated, the key and the SCI are registered according to the above-described method in the line AN = 3 and the line AN = 0.

  Next, the switching source OSU (for example, OSU 12_1) of the OLT 101 sets the AN of the frame encrypted using the key Key_1 to 0, and transmits the encrypted frame to the ONU 202. The ONU 202 receives the encryption frame from the OLT 101 and confirms the PN. At this time, the ONU 202 updates the PN column of the decoding parameter management table 60 as necessary.

  FIG. 17 is a diagram showing an example of PN settings in the decryption parameter management table 60 according to the first embodiment. Referring to FIG. 17, for example, assume that ONU 202 receives an encryption frame with PN = 1000 and the threshold is 100. In this case, the ONU 202 (for example, the PN setting unit 87) sets 900 (= 1000-100) in the PN column of the row of AN = 0.

  Assume that the ONU 202 receives an encryption frame with PN = 100 in a state where the decryption parameter management table 60 is registered as shown in FIG. In this case, the ONU executes Replay Protection and discards the frame (encrypted frame with PN = 100). In this case, the PN value registered in the decryption parameter management table 60 is not updated.

  Next, in the OLT 101, OSU redundancy switching occurs (see sequence SQ8 in FIG. 14). The switching destination OSU (for example, OSU12_N + 1) takes over Key_1 and encrypts the frame. The value of AN stored in the Sec TAG of the encryption frame is set to 1. The switching destination OSU transmits the encrypted frame to the ONU 202.

  The ONU 202 can decrypt the encrypted frame using a key (for example, Key_1) and SCI (in the case of a short tag) registered in the decryption parameter management table 60. Further, since the minimum allowable PN (the lower limit value of PN) is initially set to 0, no frame is discarded by the replay protection. Therefore, even if the encryption device is switched, smooth encrypted communication can be continued.

  Note that the OSU to be switched to may start the PN value of the encryption frame from 1 or an appropriate value other than 1. For example, the switching destination OSU may take over an appropriate value of PN from the switching source OSU. For example, the PN before the FIFO 38 of the switching source OSU (the queue for storing downstream frames shown in FIG. 3) becomes empty may be taken over by the switching destination OSU. The PN value taken over by the switching destination OSU is not an accurate value because it is a value before the queue for storing the downstream frames becomes empty. However, since the switching destination OSU changes the AN, the frame discarding by the replay protection in the ONU is not performed. In addition, before the queue for storing the downstream frames becomes empty, the switching source OSU can notify the switching destination OSU of the PN value. Therefore, the time required for switching can be shortened compared to the case where the PN value is notified to the switching destination OSU after waiting for the queue to become empty in the switching source OSU. That is, smooth redundancy switching is possible. Thereby, since the communication stop time accompanying switching of the encryption device can be further shortened, higher quality communication can be realized.

  Further, by starting the PN value from an appropriate value as described above, it is possible to improve the safety of communication. According to IEEE 802.1AE, a threshold is set for the number of frames to be encrypted with the same key in order to ensure safety. Therefore, the number of frames encrypted with one key may be managed by the PN value. If the PN exceeds the threshold, the OLT 101 may distribute the next key to the ONU 202. In this embodiment, the switching destination OSU takes over from the switching source OSU. Therefore, the switching destination OSU takes over the PN of an appropriate size from the switching source OSU (for example, the value before the queue for storing the downstream frames is emptied), so that the switching destination OSU However, the next new key can be distributed to the ONU 202 at roughly the right time.

<Embodiment 2>
In the first embodiment, even when the cryptographic device is switched in the OLT, both the key and the SCI are inherited before and after the switching. In the second embodiment, when the encryption device is switched in the OLT, the SCI is taken over, but the key is updated. The ONU prepares a key to be used after the encryption device is switched in advance. The key is switched at the timing of switching the encryption device in the OLT.

  FIG. 18 is a sequence chart for explaining an outline of processing performed in the PON system 302 according to the second embodiment. Referring to FIG. 18, the processes of sequences SQ2 to SQ12 are the same as the processes shown in FIG. In sequence SQ14, the switching destination cryptographic device performs cryptographic communication using the same SCI as the switching source cryptographic device and the switched key (Key_2). Note that the ONU 202 prepares a key after switching (a new key for decryption) in advance.

  AN is switched to n + 1. By switching the AN, the PN is reset. As a result, it is possible to avoid frame discard due to Reply Protection.

  Since the schematic configuration of the PON system according to the second embodiment of the present invention is the same as the configuration according to the first embodiment, the following description will not be repeated. Key switching in the OLT 101 will be described.

  Referring to FIG. 5, switching processing unit 74 acquires switching control information indicating that its own OSU 12 is a switching destination from overall control unit 11 via control IF unit 32 at the timing of OSU redundancy switching. The key selection unit 65 in the switching destination OSU 12 selects an association number to be included in the data frame based on the switching control information received from the switching processing unit 74. Further, the key selection unit 65 acquires the encryption key corresponding to the selected association number from the key management table 70, and outputs the association number and the encryption key to the encryptor 63. As a result, the key is switched.

  The configurations of the control unit 29 and the decoding unit 20 in the ONU 202 are the same as those shown in FIG. Furthermore, with respect to the configuration of the decoding parameter management table 60, the configuration shown in FIG. 9 can be employed in the second embodiment. Also in the second embodiment, when a short tag is used for the security tag (SecTAG), the SCI used for decryption is also acquired from this table. On the other hand, when using a long tag for Sec TAG, the value of SCI in Sec TAG can be used for decoding.

  FIG. 19 is a diagram showing an example of key registration in the decryption parameter management table 60 according to the second embodiment. Referring to FIG. 19, when ONU 202 is distributed a key from OLT 101, ONU 202 (for example, key update unit 81 of control unit 29) sets a key (Key_2) prepared in advance by an appropriate method in the next AN. To do. The key Key_2 may be a key obtained by bit-inverting the key distributed from the OLT 101, for example.

  When a short tag is used for the Sec TAG, the SCI field in the designated AN row of the decryption parameter management table 60 is stored in the control frame for distribution of the key Key_1 (for example, the EAPOL-MKA frame). A copy of the existing SCI value is registered. The SCI copy stored in the control frame for distribution of the key Key_1 (for example, the EAPOL-MKA frame) is also registered in the SCI column of the next AN row.

  FIG. 19 shows, as an example, a state in which AN = 0 is designated by the OSU of the OLT 101 and the key Key_1 is distributed to the ONU 202. In this case, a copy of the SCI value included in the control frame for distribution of the key Key_1 (for example, the EAPOL-MKA frame) is registered in the SCI column in the row of AN = 0. Key_2 is registered in the key column of the next AN (AN = 1) row. The key Key_2 is, for example, a key obtained by bit-inverting the key Key_1. Also, a copy of the SCI value included in the control frame for distribution of the key Key_1 (for example, the EAPOL-MKA frame) is registered in the SCI column in the row of AN = 1.

  For example, when AN = 3 is designated, the key and the SCI are registered according to the above-described method in the line AN = 3 and the line AN = 0.

  Next, the switching source OSU (for example, OSU 12_1) of the OLT 101 sets the AN of the frame encrypted using the key Key_1 to 0, and transmits the encrypted frame to the ONU 202. The ONU 202 receives the encryption frame from the OLT 101 and confirms the PN. At this time, the ONU 202 updates the PN column of the decoding parameter management table 60 as necessary.

  FIG. 20 is a diagram showing an example of PN settings in the decryption parameter management table 60 according to the second embodiment. Referring to FIG. 20, for example, assume that ONU 202 receives an encryption frame with PN = 1000 and the threshold is 100. In this case, the ONU 202 (for example, the PN setting unit 87) sets 900 (= 1000-100) in the PN column of the row of AN = 0.

  Next, in the OLT 101, OSU redundancy switching occurs (see sequence SQ8 in FIG. 12). The switching destination OSU (for example, OSU12_N + 1) uses Key_2 to encrypt the frame. The value of AN stored in the Sec TAG of the encryption frame is set to 1. The switching destination OSU transmits the encrypted frame to the ONU 202.

  The ONU 202 can decrypt the encrypted frame using a key (for example, Key_2) and SCI (in the case of a short tag) registered in the decryption parameter management table 60. Further, since the minimum allowable PN (the lower limit value of PN) is initially set to 0, no frame is discarded by the replay protection. Therefore, according to the second embodiment, as in the first embodiment, smooth encrypted communication can be continued even if the encryption device is switched.

  As in the second embodiment, the switching destination OSU may start the PN value of the encryption frame from 1 or an appropriate value other than 1. When starting the PN value of the encryption frame from an appropriate value other than 1, for example, the switching destination OSU may take over the appropriate PN value from the switching source OSU. As an example, the PN before the FIFO 38 of the switching source OSU (the queue for storing downstream frames shown in FIG. 3) becomes empty may be taken over by the switching destination OSU. Also in this case, the time required for switching can be shortened compared to the case where the PN value is notified to the switching destination OSU after waiting for the queue to become empty in the switching source OSU. That is, smooth redundancy switching is possible. Thereby, since the communication stop time accompanying switching of the encryption device can be further shortened, higher quality communication can be realized.

  Furthermore, communication safety can be improved by starting the PN value from an appropriate value. In the second embodiment, a key prepared in advance and not based on formal key exchange is used. Therefore, the PN value is set to a larger value in the OSU, and the number of frames to be encrypted is limited so that the number of frames encrypted with the key is reduced before the next key exchange. May be. As a result, the OSU that is the switching destination can perform more secure encrypted communication with the ONU 202.

  The switching detection device according to the embodiment of the present invention is not limited to that realized by a dedicated hardware device. The function of the switching detection device may be realized by installing a program from the outside in a memory and having the computer read the program from the memory and execute it.

  FIG. 13 shows a case where the switching source encryption device transfers information to the switching destination encryption device as an example of SCI takeover. However, the switching destination encryption device may acquire information from the switching source encryption device. Furthermore, another device different from the first cryptographic device and the second cryptographic device may mediate transmission of information between the switching source cryptographic device and the switching destination cryptographic device. This device may be, for example, a control device mounted in the OLT 101 or a control device provided outside the OLT 101.

  The embodiment disclosed this time is an exemplification, and the present invention is not limited to the above contents. The scope of the present invention is defined by the terms of the claims, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

  DESCRIPTION OF SYMBOLS 11 General control part, 12_1-12_N + 1 Optical line unit (OSU), 13 Concentration part, 14 Optical switch, 20 Decoding part, 21 PON port, 22 Optical reception process part, 23, 27 Buffer memory, 24, 34 Transmission process part, 26, 33 Reception processing unit, 28 Optical transmission processing unit, 29 Control unit, 30 Encryption unit, 31 Concentration IF unit, 32 Control IF unit, 35 PON transmission / reception unit, 36 PON control unit, 37, 38 FIFO, 40 Encryption device, 51 Decoder, 52, 62 Storage Unit, 53, 66 SCI Selection Unit, 54, 65 Key Selection Unit, 55 Association Number Extraction Unit, 56 PN Selection Unit, 57, 61 Frame Type Identification Unit, 60 Decoding Parameter Management Table, 63 Encryptor, 64 multiplexer, 70 key management table, 71 frame creation unit, 7 , 81 Key update unit, 73, 82 SCI creation unit, 74, 83 switching processing unit, 85 control frame processing unit, 86 data frame processing unit, 87 PN setting unit, 101 station side device (OLT), 202 home side device ( ONU), 203_1-203_N PON line, 204_1-204_N optical coupler, 302 PON system, 862 data frame discarding unit.

Claims (7)

A station side device that performs encrypted communication through an optical line,
A first cryptographic device;
A second cryptographic device switchable between the first cryptographic device and
In switching between the first cryptographic device and the second cryptographic device, the system identifier included in the channel identifier used for the encrypted communication is taken over from the switching source cryptographic device to the switching destination cryptographic device. Station side device. The system identifier is set to a physical address of an encryption device that performs the encrypted communication of the first encryption device and the second encryption device,
The station-side apparatus according to claim 1, wherein the switching-source cryptographic device takes over the physical address to the switching-destination cryptographic device by the switching. The first cryptographic device and the second cryptographic device have unique physical addresses;
2. The station side according to claim 1, wherein the system identifier is set to an address that is common between the switching-source cryptographic device and the switching-destination cryptographic device and is different from the unique physical address. apparatus. The switching-source cryptographic device executes a process for discovery related to encrypted communication when a home-side device is linked up to an optical line to which the station-side device is connected,
When the switching between the first and second cryptographic devices occurs, the switching-destination cryptographic device does not execute the process for the discovery with the home side device. Item 4. The station-side device according to any one of Items 3 above.   5. The station-side apparatus according to claim 1, wherein the switching-destination encryption device takes over the encryption key used by the switching-source encryption device in the encrypted communication. A station side device,
A home device,
An optical line connecting the station side device and the home side device;
The station side device
A first encryption device for performing encrypted communication with the home device;
A second cryptographic device switchable between the first cryptographic device and
In switching between the first cryptographic device and the second cryptographic device, the station side device changes a system identifier included in a channel identifier used for the encrypted communication from a switching source cryptographic device to a switching destination. A PON system that takes over to a cryptographic device. A control method for a station-side apparatus that includes a first encryption device and a second encryption device that can be switched between the first encryption device and performs encrypted communication through an optical line,
Performing encrypted communication with a switching source encryption device of the first encryption device and the second encryption device;
Switching between the first cryptographic device and the second cryptographic device to change the system identifier included in the channel identifier used for the encrypted communication from the switching source cryptographic device to the switching destination cryptographic device. The steps to take over,
A control method for a station-side apparatus, comprising: performing encrypted communication with the switching destination encryption device of the first encryption device and the second encryption device.

Images