Authentication and initial key exchange in ethernet passive optical network over coaxial network

摘要

A method comprising generating an updated security key upon expiration of a key exchange timer, transferring the updated security key to a Coaxial Network Unit (CNU), retaining an original key, wherein the updated security key comprises a different key identification number than the original key, accepting and decrypting upstream traffic that employs either the original key or the updated key, after transferring the updated security key to the CNU, creating a key switchover timer, before the key switchover timer expires, verify that upstream traffic transferred from the CNU on a logical link uses the updated security key, and when upstream traffic is encrypted using the updated security key, begin using the updated security key to encrypt downstream traffic and clear the key switchover timer.

主权项

1. An Optical Line Terminal (OLT) comprising:
a receiver coupled to a Passive Optical Network (PON) and configured to receive a security key request from a Fiber Coaxial Unit (FCU) via the PON wherein the receiver is further configured to receive an upstream message from a Coaxial Network Unit (CNU) via the FCU and an Ethernet PON over Coaxial (EPoC) network; a processor coupled to the receiver and configured to:
generate a first security key responsive to the security key request from the FCU;encrypt the first security key in a security key response message;encrypt a downstream message with the first security key;decrypt the upstream first security key; andinitiate a switchover from the first security key to a second security key upon expiration of a timer; a transmitter coupled to the processor and configured to transmit the security key response message comprising the encrypted first security key to the FCU via the PON, wherein the transmitter is further configured to transmit the downstream message toward the CNU via the FCU and the EPoC network, wherein the switchover comprises:
generating and encrypting the second security key by the processor;transmitting the encrypted second security key toward the CNU by the transmitter;encrypting downstream traffic with the first security key until the receiver receives upstream traffic from the CNU that is encrypted with the second security key; andencrypting downstream traffic with the second security key in response to receiving upstream traffic that is encrypted with the second security key.