WO2017077760A1 - Station-side device, information management device, terminal authentication method and information management method - Google Patents

Publication number
WO2017077760A1
Authority
WO
WIPO (PCT)
Prior art keywords
side device
authentication
home
station
information
Application number
PCT/JP2016/074776
Inventor
欣邦 前山
久嗣 片山
豊田 重治
征彦 寺沢
Original Assignee
住友電気工業株式会社
Application filed by 住友電気工業株式会社

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/44: Star or tree networks

Definitions

  • the present invention relates to a station side device, an information management device, a terminal authentication method, and an information management method.
  • This application claims priority based on Japanese Patent Application No. 2015-216602 filed on Nov. 4, 2015, and incorporates all the description content described in the above Japanese application.
  • Non-Patent Document 1 discloses one method of a passive optical network (PON).
  • PON is a medium sharing type communication, and a plurality of home side devices (ONU: Optical Network Unit) share an optical communication line and perform data transmission with a station side device (OLT: Optical Line Terminal).
  • Patent Document 1 discloses the following configuration.
  • the home gateway device is connected to a network system including a management server that manages the communication amount for each terminal.
  • The in-home gateway device includes a switch unit, a measurement unit that measures a communication amount of a terminal connected to the switch unit, a notification unit that notifies the management server of the communication amount measured by the measurement unit, and authentication request means for performing IEEE 802.1x authentication by a supplicant.
  • An accounting management system for a network system includes the in-home gateway device, a management server that manages the amount of traffic for each terminal, and a concentrator having keepalive means that periodically sends out EAPoL (Extended Authentication Protocol over LAN) to check the session status and IEEE 802.1x authentication means.
  • Patent documents: JP 2007-226620 A; JP 2003-169069 A; JP 2004-260243 A; JP 2006-352223 A; JP 2014-192611 A
  • Non-patent document: IEEE Std 802.3ah (registered trademark)
  • The station-side device includes an acquisition unit that acquires setting information corresponding to the identification information of the home-side device notified from the home-side device, and a communication unit that communicates with the home-side device using the setting information acquired by the acquisition unit. The setting information includes authentication information of a terminal device connected to the home-side device, and the station-side device further includes an authentication unit that performs authentication processing of the terminal device using the authentication information.
  • The information management device includes a storage unit that stores setting information for each home-side device used by the station-side device for communication with the home-side device, and a granting unit that gives, to the station-side device, the setting information corresponding to the identification information of the home-side device notified from the station-side device among the setting information stored in the storage unit. The setting information includes authentication information of a terminal device connected to the home-side device.
  • The terminal authentication method is a terminal authentication method in a station-side device, and includes a step of obtaining, from another device, setting information corresponding to the identification information of the home-side device notified from the home-side device, and a step of communicating with the home-side device using the acquired setting information. The setting information includes authentication information of a terminal device connected to the home-side device, and the method further includes a step of performing authentication processing of the terminal device using the authentication information.
  • The information management method is an information management method in an information management device, and includes a step of storing setting information for each home-side device used by a station-side device for communication with the home-side device, and a step of providing, to the station-side device, the setting information corresponding to the identification information of the home-side device notified from the station-side device among the stored setting information. The setting information includes authentication information of the terminal device connected to the home-side device.
  • FIG. 1 is a diagram showing a configuration of a PON system according to an embodiment of the present invention.
  • FIG. 2 is a diagram showing a configuration of a comparative example of the PON system according to the embodiment of the present invention.
  • FIG. 3 is a diagram showing a configuration of a comparative example of the PON system according to the embodiment of the present invention.
  • FIG. 4 is a diagram showing an example of a sequence from when the ONU links up until communication traffic starts flowing in the PON system according to the embodiment of the present invention.
  • FIG. 5 is a diagram showing a configuration of a station side device in the PON system according to the embodiment of the present invention.
  • FIG. 6 is a diagram showing a configuration of a server in the PON system according to the embodiment of the present invention.
  • FIG. 7 is a diagram showing a configuration of a modified example of the PON system according to the embodiment of the present invention.
  • FIG. 8 is a diagram showing an example of a sequence from when the ONU links up until communication traffic starts flowing in a modification of the PON system according to the embodiment of the present invention.
  • FIG. 9 is a diagram showing a configuration of a station-side device in a modification of the PON system according to the embodiment of the present invention.
  • The authentication unit of the line concentrator, which corresponds to the station side device, uses the information included in the EAPoL start message sent from the authentication request unit of the home gateway device, which corresponds to the home side device, to make an inquiry to the RADIUS server and authenticate whether or not the user is a registered regular user (terminal). When authenticated by this authentication means, the in-home gateway device can communicate with the uplink side via the switch means of the line concentrator.
  • The home side device links up, that is, establishes a communication connection with the station side device through discovery processing or the like, and then the station side device transmits various setting information used by the home side device for communication to the home side device.
  • The present disclosure provides a station-side device, an information management device, a terminal authentication method, and an information management method that can easily suppress a delay in communication start due to the load of authentication processing in a system in which a station-side device and a home-side device can communicate.
  • The station-side device includes an acquisition unit that acquires setting information corresponding to the identification information of the home-side device notified from the home-side device, and a communication unit that communicates with the home-side device using the setting information acquired by the acquisition unit. The setting information includes authentication information of a terminal device connected to the home-side device, and the station-side device further includes an authentication unit for performing authentication processing of the terminal device using the authentication information.
  • Such a configuration eliminates the need for a special authentication server such as a RADIUS server for performing authentication processing of the terminal device. Furthermore, since the load of authentication processing in the communication system can be distributed to each station side device, the time from when the home side device links up until the communication traffic actually starts to flow between the terminal device and the station side device can be shortened. Furthermore, the configuration in which the authentication information corresponding to the identification information of the home device is acquired from another device eliminates the need for the operator to know in advance which station device is connected to which home device. For this reason, the registration work can be simplified and the possibility that setting information having incorrect contents is registered can be reduced. Therefore, in a system in which the station side device and the home side device can communicate, it is possible to easily suppress the delay of the communication start due to the authentication processing load.
  • the station side device includes a plurality of the communication units and a plurality of the authentication units provided corresponding to the communication units, respectively.
  • the load of authentication processing in the communication system can be distributed for each communication unit.
  • The station side device includes a control board and a plurality of circuit boards. The control board includes the acquisition unit, and each of the circuit boards includes the communication unit, the corresponding authentication unit, and a storage unit for storing the authentication information.
  • In a station side apparatus provided with one control board and a plurality of circuit boards each including the communication unit, it is possible to further distribute the authentication processing load in the communication system for each circuit board.
  • the processing load on the control board where processing is concentrated is reduced, so that it is possible to avoid using an expensive device such as a high-spec CPU for the station side device. Therefore, the cost of the entire apparatus can be reduced.
  • The information management device includes a storage unit that stores the setting information for each home-side device used by the station-side device for communication with the home-side device, and a setting unit that gives, to the station-side device, the setting information corresponding to the identification information of the home-side device notified from the station-side device among the setting information stored in the storage unit. The setting information includes authentication information of the terminal device connected to the home-side device.
  • Such a configuration eliminates the need for a special authentication server such as a RADIUS server for performing authentication processing of the terminal device. Furthermore, since the load of authentication processing in the communication system can be distributed to each station side device, the time from when the home side device links up until the communication traffic actually starts to flow between the terminal device and the station side device can be shortened. Furthermore, because authentication information corresponding to the identification information of the home-side device notified from the station-side device is given to the station-side device, the operator does not need to know in advance which station-side device is connected to which home-side device. For this reason, the registration work can be simplified and the possibility that setting information having incorrect contents is registered can be reduced. Therefore, in a system in which the station side device and the home side device can communicate, it is possible to easily suppress the delay of the communication start due to the authentication processing load.
  • A terminal authentication method is a terminal authentication method in a station side device, and includes a step of acquiring, from another device, setting information corresponding to the identification information of the home side device notified from the home side device, and a step of communicating with the home side device using the acquired setting information. The setting information includes authentication information of a terminal device connected to the home side device, and the method further includes a step of performing authentication processing of the terminal device using the authentication information.
  • Such a configuration eliminates the need for a special authentication server such as a RADIUS server for performing authentication processing of the terminal device. Furthermore, since the load of authentication processing in the communication system can be distributed to each station side device, the time from when the home side device links up until the communication traffic actually starts to flow between the terminal device and the station side device can be shortened. Furthermore, the configuration in which the authentication information corresponding to the identification information of the home device is acquired from another device eliminates the need for the operator to know in advance which station device is connected to which home device. For this reason, the registration work can be simplified and the possibility that setting information having incorrect contents is registered can be reduced. Therefore, in a system in which the station side device and the home side device can communicate, it is possible to easily suppress the delay of the communication start due to the authentication processing load.
  • An information management method is an information management method in an information management device, and includes a step of storing setting information for each home device used by a station device for communication with the home device, and a step of giving, to the station side device, the setting information corresponding to the identification information of the home side device notified from the station side device among the stored setting information. The setting information includes authentication information of a terminal device connected to the home device.
  • Such a configuration eliminates the need for a special authentication server such as a RADIUS server for performing authentication processing of the terminal device. Furthermore, since the load of authentication processing in the communication system can be distributed to each station side device, the time from when the home side device links up until the communication traffic actually starts to flow between the terminal device and the station side device can be shortened. Furthermore, because authentication information corresponding to the identification information of the home-side device notified from the station-side device is given to the station-side device, the operator does not need to know in advance which station-side device is connected to which home-side device. For this reason, the registration work can be simplified and the possibility that setting information having incorrect contents is registered can be reduced. Therefore, in a system in which the station side device and the home side device can communicate, it is possible to easily suppress the delay of the communication start due to the authentication processing load.
  • FIG. 1 is a diagram showing a configuration of a PON system according to an embodiment of the present invention.
  • a PON system 301 includes a station side device 101, a plurality of ONUs 202, a plurality of terminal devices 151 connected to the plurality of ONUs 202, an operator terminal 152, and a server (information management device) 161.
  • the station apparatus 101 includes a control card (control board) 51 and a plurality of line cards (line boards) 52.
  • FIG. 1 representatively shows two station side devices 101.
  • the PON system 301 may be configured to further include a large number of station-side devices 101 or may be configured to include one station-side device 101.
  • FIG. 1 representatively shows two line cards 52 in the station side apparatus 101.
  • the station apparatus 101 may be configured to further include a number of line cards 52 or may be configured to include one line card 52.
  • The configuration is not limited to one ONU 202 connected to one line card 52; a plurality of ONUs 202 may be connected to one line card 52 via a splitter or the like.
  • the configuration is not limited to one terminal device 151 connected to one ONU 202, and a plurality of terminal devices 151 may be connected to one ONU 202.
  • the ONU 202 and the station side device 101 are connected via an optical fiber and transmit / receive optical signals to / from each other.
  • optical signals from each ONU 202 to the station side apparatus 101 are time-division multiplexed.
  • the terminal device 151 is, for example, an HGW (home gateway).
  • the terminal device 151 transmits communication data such as an IP packet received from a not-shown notebook PC (personal computer) and an IP phone to the ONU 202.
  • the ONU 202 receives communication data in the form of an electrical signal from the terminal device 151, and generates an uplink frame including the communication data.
  • the ONU 202 converts the upstream frame into an optical signal and transmits the optical signal to the line card 52 in the station side apparatus 101.
  • the line card 52 converts the optical signal received from the ONU 202 into an electrical signal.
  • the line card 52 reconstructs the upstream frame from the converted electrical signal and outputs the upstream frame to the control card 51.
  • the control card 51 multiplexes the upstream frame received from each line card 52 and transmits it to the network 401.
  • the control card 51 distributes the downstream frame received from the network 401 to each line card 52.
  • the line card 52 receives a downstream frame in the form of an electrical signal from the control card 51 and converts the downstream frame into an optical signal.
  • the line card 52 transmits an optical signal to the ONU 202.
  • the ONU 202 receives an optical signal from the line card 52 in the station side device 101 and converts the optical signal into an electric signal.
  • the ONU 202 reconstructs a downlink frame from the converted electrical signal, and transmits, for example, communication data included in the downlink frame to the terminal device 151.
  • the terminal device 151 receives, for example, communication data such as an IP packet from the ONU 202, and transmits the communication data to a notebook PC and an IP phone (not shown).
  • the PON system 301 operates in a DPoE mode that conforms to, for example, DPoE (Data Over Cable Service Interface Specification Providing of EPON) standard.
  • the server 161 holds a configuration file (Config file; Configuration file is abbreviated in this way) for each ONU 202 used by the station-side apparatus 101 for communication with the ONU 202.
  • the configuration file includes various setting information that the ONU 202 uses for communication and the like. Specifically, for example, the configuration file includes line information such as the maximum bandwidth, minimum guaranteed bandwidth, priority, and service class of the ONU 202.
  • the priority is a priority of data to be communicated.
  • The service class indicates the contract contents, such as business use or residential use.
  • After the ONU 202 links up, that is, establishes a communication connection with the station side apparatus 101 through the discovery process or the like, the station side apparatus 101 acquires a configuration file from the server 161. For example, the station-side apparatus 101 provides part or all of the acquired configuration file information to the ONU 202 using the extended OAM or the like, and also sets it in itself.
  • FIG. 2 is a diagram showing a configuration of a comparative example of the PON system according to the embodiment of the present invention.
  • The PON system 311 includes a station side device 111, an authentication server 162, an authentication information database 163, a plurality of ONUs 202, a plurality of terminal devices 151 connected to the plurality of ONUs 202, and an operator terminal 152.
  • the operator terminal 152 registers authentication information such as the MAC address, user ID, and password of the terminal device 151 in the authentication information database 163 via the authentication server 162 in accordance with the operation of the operator.
  • An “operator” is, for example, an operator of a provider who provides a communication service using a PON system.
  • The authentication server 162 performs authentication processing of the terminal device 151. More specifically, the authentication server 162 collates authentication information such as a MAC address, a user ID, and a password included in the authentication request received from the terminal device 151 via the ONU 202 and the station-side device 111 with the authentication information registered in the authentication information database 163. For example, the authentication information is registered in the terminal device 151 by the above business operator before installation.
  • The station apparatus 111 does not permit transmission of communication data such as IP packets between the terminal apparatus 151 and the network 401 until an authentication response indicating successful authentication is received from the authentication server 162.
  • When an authentication response indicating successful authentication arrives at the station side device 111 from the authentication server 162, the transmission is permitted and communication traffic starts to flow between the terminal device 151 and the network 401.
  • the processing load on the authentication server may increase. In such a case, the time from when the ONU 202 links up until the communication traffic actually starts to flow between the terminal device 151 and the network 401 becomes longer.
  • FIG. 3 is a diagram showing a configuration of a comparative example of the PON system according to the embodiment of the present invention.
  • the PON system 312 includes a station side device 112, a plurality of ONUs 202, a plurality of terminal devices 151 connected to the plurality of ONUs 202, and an operator terminal 152.
  • control card 51 in the station side device 112 holds the authentication information of the terminal device 151.
  • the operator terminal 152 registers a configuration file including authentication information such as the MAC address, user ID, and password of the terminal device 151 in the control card 51 in accordance with the operation of the operator.
  • The control card 51 performs authentication processing of the terminal device 151. More specifically, the control card 51 collates authentication information such as a MAC address, user ID, and password included in the authentication request received from the terminal device 151 via the ONU 202 and the line card 52 with the authentication information held by itself.
  • the station side device 112 does not permit transmission of communication data such as an IP packet between the terminal device 151 and the network 401.
  • the transmission is permitted and communication traffic starts to flow between the terminal device 151 and the network 401.
  • the load of authentication processing in the PON system 312 can be distributed to each station side device 112. Therefore, it is possible to shorten the time from when the ONU 202 is linked up until the communication traffic actually starts to flow between the terminal device 151 and the network 401.
  • the station apparatus 101 acquires a configuration file corresponding to identification information such as the MAC address of the ONU 202 notified from the ONU 202 from the server 161.
  • the station side apparatus 101 performs the authentication process of the terminal apparatus 151 using the authentication information included in the acquired configuration file.
  • the line card 52 in the station side device 101 holds the authentication information of the reference terminal device 151.
  • the line card 52 performs authentication processing of the terminal device 151. More specifically, the line card 52 collates authentication information such as a MAC address, a user ID, and a password included in the authentication request received from the terminal device 151 via the ONU 202 with the authentication information held by itself.
  • Each device in the PON system 301 includes a computer.
  • An arithmetic processing unit such as a CPU in the computer reads and executes a program including a part or all of each step of the following sequence from a memory (not shown).
  • Each of the programs of the plurality of apparatuses can be installed from the outside.
  • Each of the programs of the plurality of apparatuses can be distributed while being stored in a recording medium.
  • FIG. 4 is a diagram illustrating an example of a sequence from when the ONU links up until communication traffic starts flowing in the PON system according to the embodiment of the present invention.
  • operator terminal 152 creates a configuration file for each ONU 202 in PON system 301 using information such as a customer database (not shown) in accordance with the operation of the operator, and transmits the configuration file to server 161.
  • This configuration file includes, for example, line information and authentication information of one or more terminal devices 151 connected to each ONU 202 (step S1).
  • the server 161 stores the configuration file of each ONU 202 received from the operator terminal 152 (step S2).
  • the ONU 202 transmits a connection request to the line card 52 in the station side device 101.
  • This connection request includes identification information such as the MAC address of the ONU 202 (step S3).
  • the line card 52 outputs the connection request received from the ONU 202 to the control card 51 (step S4).
  • the control card 51 receives a connection request from the line card 52 and transmits a configuration file request including identification information included in the connection request to the server 161 (step S5).
  • The server 161 receives the configuration file request from the control card 51 in the station side apparatus 101, and acquires a configuration file corresponding to the identification information included in the configuration file request from the stored configuration files (step S6). The server 161 transmits the configuration file to the station side device 101 (step S7).
  • the control card 51 analyzes the configuration file received from the server 161, and extracts line information and authentication information from the configuration file (step S8).
  • the control card 51 outputs the extracted line information to the line card 52 (step S9).
  • the line card 52 transmits / receives various information to / from the ONU 202 using the line information received from the control card 51. Thereby, the line card 52 performs a line setting process that enables communication with the ONU 202 (step S10).
  • the control card 51 outputs the extracted reference authentication information to the line card 52 (step S11).
  • the line card 52 stores the authentication information received from the control card 51 (step S12).
  • the terminal device 151 transmits an authentication request including authentication information to the ONU 202 (step S13).
  • the ONU 202 transmits the authentication request received from the terminal device 151 to the line card 52 in the station side device 101 (step S14).
  • the line card 52 collates the authentication information included in the authentication request received from the ONU 202 with the authentication information held by itself (step S15).
  • the line card 52 transmits an authentication response indicating successful authentication to the ONU 202 (step S16).
  • the line card 52 transmits a communication permission indicating that the communication between the terminal device 151 and the network 401 is permitted to the ONU 202 (step S17).
  • the ONU 202 transmits the authentication response received from the line card 52 in the station side device 101 to the terminal device 151.
  • the ONU 202 receives communication permission from the line card 52 in the station side device 101, and permits transmission of communication data such as IP packets between the terminal device 151 and the network 401 (step S18).
  • the terminal device 151 receives authentication information indicating successful authentication, and transmits communication data such as an IP packet to the ONU 202 (step S19).
  • the ONU 202 transmits the communication data received from the terminal device 151 to the line card 52 in the station side device 101 (step S20).
  • the line card 52 outputs the communication data received from the ONU 202 to the control card 51 (step S21).
  • the control card 51 transmits the communication data received from the line card 52 to the network 401.
  • communication data is transmitted and received between the network 401 and the terminal device 151 via the station-side device 101 and the ONU 202.
  • step S9 and step S11 can be switched.
  • FIG. 5 is a diagram showing a configuration of the station side device in the PON system according to the embodiment of the present invention.
  • one control card 51 and one line card 52 are representatively shown.
  • the station apparatus 101 includes an acquisition unit 11, a communication unit 12, an authentication unit 13, and a storage unit 14.
  • the acquisition unit 11 is included in the control card 51.
  • the communication unit 12, the authentication unit 13, and the storage unit 14 are included in the line card 52.
  • the acquisition unit 11 acquires the setting information corresponding to the identification information, for example, the MAC address, of the ONU 202 notified from the ONU 202 from another device, for example, the server 161.
  • This setting information includes authentication information of the terminal device 151 connected to the ONU 202.
  • the communication unit 12 communicates with the ONU 202 using the setting information acquired by the acquisition unit 11.
  • the authentication unit 13 performs authentication processing of the terminal device 151 using authentication information included in the setting information.
  • the communication unit 12 outputs the connection request received from the ONU 202 to the acquisition unit 11.
  • the acquisition unit 11 receives a connection request from the communication unit 12 and transmits a configuration file request including identification information included in the connection request to the server 161.
  • the acquisition unit 11 receives a configuration file corresponding to the identification information from the server 161, analyzes the configuration file, extracts line information and authentication information from the configuration file, and outputs the line information and the authentication information to the communication unit 12 and the authentication unit 13, respectively.
  • the communication unit 12 performs line setting processing with the ONU 202 using the line information received from the acquisition unit 11.
  • the authentication unit 13 stores the authentication information received from the acquisition unit 11 in the storage unit 14.
  • the authentication unit 13 acquires, from the storage unit 14, authentication information corresponding to an authentication request received via the ONU 202 and the communication unit 12, for example, the authentication information of a MAC address that matches the MAC address included in the authentication information.
  • the authentication unit 13 collates the acquired authentication information with the authentication information included in the authentication request.
  • the authentication unit 13 notifies the communication unit 12 of the collation result.
  • the communication unit 12 transmits to the ONU 202 an authentication response indicating the authentication success or the authentication failure, which is the collation result received from the authentication unit 13.
  • the station-side device 101 includes a plurality of communication units 12 and a plurality of authentication units 13 provided corresponding to the plurality of communication units 12, respectively.
  • the station apparatus 101 includes a plurality of line cards 52, for example.
  • Each of the plurality of line cards 52 includes a communication unit 12, a corresponding authentication unit 13, and a storage unit 14.
  • FIG. 6 is a diagram showing a server configuration in the PON system according to the embodiment of the present invention.
  • the server 161 includes a granting unit 31, a storage unit 32, and a registration unit 33.
  • the storage unit 32 stores setting information for each ONU 202 used by the station-side device 101 for communication with the ONU 202.
  • the granting unit 31 gives the setting information corresponding to the identification information of the ONU 202 notified from the station side device 101 among the setting information stored in the storage unit 32 to the station side device 101.
  • the setting information includes authentication information of the terminal device 151 connected to the ONU 202.
  • the registration unit 33 stores the configuration file of each ONU 202 in the PON system 301 received from the operator terminal 152 in the storage unit 32.
  • the granting unit 31 receives a configuration file request from the acquisition unit 11 in the station side device 101.
  • the granting unit 31 acquires a configuration file corresponding to the identification information included in the configuration file request from the configuration files in the storage unit 32 and transmits the configuration file to the acquisition unit 11.
  • the station-side device 101 is not limited to a configuration in which authentication information is stored in the line card 52 and authentication processing is performed.
  • the station apparatus 101 may have a configuration for storing authentication information in the control card 51 and performing authentication processing.
  • FIG. 7 is a diagram showing a configuration of a modified example of the PON system according to the embodiment of the present invention. This modification is the same as the PON system 301 except for the contents described below.
  • the PON system 302 includes a station-side device 102, a server 161, a plurality of ONUs 202, a plurality of terminal devices 151 connected to the plurality of ONUs 202, and an operator terminal 152, respectively.
  • the station apparatus 101 includes a control card (control board) 51 and a plurality of line cards (line boards) 52.
  • control card 51 in the station side device 102 holds the authentication information of the reference terminal device 151.
  • the control card 51 performs authentication processing of the terminal device 151. More specifically, the control card 51 collates authentication information such as a MAC address, user ID, and password included in the authentication request received from the terminal device 151 via the ONU 202 and the line card 52 with the authentication information held by itself.
  • FIG. 8 is a diagram showing an example of a sequence from when the ONU links up until communication traffic starts to flow in a modification of the PON system according to the embodiment of the present invention.
  • steps S21 to S30 are the same as steps S1 to S10 in the sequence shown in FIG.
  • the control card 51 stores the extracted authentication information for reference (step S31).
  • the terminal device 151 transmits an authentication request including authentication information to the ONU 202 (step S32).
  • the ONU 202 transmits the authentication request received from the terminal device 151 to the line card 52 in the station side device 102 (step S33).
  • the line card 52 outputs the authentication request received from the ONU 202 to the control card 51 (step S34).
  • the control card 51 collates the authentication information included in the authentication request received from the line card 52 with the authentication information held by itself (step S35).
  • If the authentication information received from the line card 52 matches the authentication information held by itself, the control card 51 outputs an authentication response indicating a successful authentication to the line card 52 (step S36).
  • the control card 51 outputs a communication permission indicating that communication between the terminal device 151 and the network 401 is permitted to the line card 52 (step S37).
  • the line card 52 transmits the authentication response received from the control card 51 to the ONU 202 (step S38).
  • the line card 52 transmits the communication permission received from the control card 51 to the ONU 202 (step S39).
  • steps S40 to S43 are the same as steps S18 to S21 in the sequence shown in FIG.
  • step S29 and step S31 can be interchanged.
  • FIG. 9 is a diagram showing a configuration of a station side device in a modification of the PON system according to the embodiment of the present invention.
  • one control card 51 and one line card 52 are representatively shown.
  • the station side device 102 includes an acquisition unit 11, a communication unit 12, an authentication unit 13, and a storage unit 14.
  • the acquisition unit 11, the authentication unit 13, and the storage unit 14 are included in the control card 51.
  • the communication unit 12 is included in the line card 52.
  • the acquisition unit 11 acquires the setting information corresponding to the identification information, for example, the MAC address, of the ONU 202 notified from the ONU 202 from another device, for example, the server 161.
  • This setting information includes authentication information of the terminal device 151 connected to the ONU 202.
  • the communication unit 12 communicates with the ONU 202 using the setting information acquired by the acquisition unit 11.
  • the authentication unit 13 performs authentication processing of the terminal device 151 using authentication information included in the setting information.
  • the communication unit 12 outputs the connection request received from the ONU 202 to the acquisition unit 11.
  • the acquisition unit 11 receives a connection request from the communication unit 12 and transmits a configuration file request including identification information included in the connection request to the server 161.
  • the acquisition unit 11 receives a configuration file corresponding to the identification information from the server 161 and analyzes the configuration file.
  • the acquisition unit 11 extracts line information and authentication information from the configuration file, outputs the line information to the communication unit 12, and stores the authentication information in the storage unit 14.
  • the communication unit 12 performs line setting processing with the ONU 202 using the line information received from the acquisition unit 11.
  • the authentication unit 13 acquires, from the storage unit 14, authentication information corresponding to an authentication request received via the ONU 202 and the communication unit 12, for example, the authentication information of a MAC address that matches the MAC address included in the authentication information.
  • the authentication unit 13 collates the acquired authentication information with the authentication information included in the authentication request.
  • the authentication unit 13 notifies the communication unit 12 of the collation result.
  • the communication unit 12 transmits to the ONU 202 an authentication response indicating the authentication success or the authentication failure, which is the collation result received from the authentication unit 13.
  • the station-side device 102 includes a plurality of communication units 12.
  • the station apparatus 101 includes a plurality of line cards 52, for example.
  • Each of the plurality of line cards 52 includes the communication unit 12.
  • the station apparatus has a configuration including a control card and a line card, but is not limited to this.
  • the station side device only needs to include an acquisition unit, a communication unit, and an authentication unit.
  • a configuration in which these units are included in one card may be used, or a configuration in which these units are distributed to a plurality of types of cards in a combination different from the above may be used.
  • the acquisition unit 11 acquires setting information corresponding to the identification information of the ONU 202 notified from the ONU 202 from another apparatus.
  • the communication unit 12 communicates with the ONU 202 using the setting information acquired by the acquisition unit 11.
  • This setting information includes authentication information of the terminal device 151 connected to the ONU 202.
  • the authentication unit 13 performs authentication processing of the terminal device 151 using the authentication information.
  • Such a configuration eliminates the need for a special authentication server such as a RADIUS server for performing the authentication process of the terminal device 151. Further, the load of authentication processing in the PON system can be distributed to each station side device. Therefore, it is possible to shorten the time from when the ONU 202 is linked up until the communication traffic actually starts to flow between the terminal device 151 and the network 401.
  • the configuration in which the authentication information corresponding to the identification information of the ONU 202 is acquired from the server 161 eliminates the need for the operator to know in advance which station-side device is connected to which ONU 202. For this reason, the registration work can be simplified, and the possibility that a configuration file having an incorrect content is registered can be reduced.
  • with the station-side device, in a system in which the station-side device and the home-side device can communicate, it is possible to easily suppress a communication start delay due to the load of authentication processing.
  • the station apparatus includes a plurality of communication units 12 and a plurality of authentication units 13 provided corresponding to the communication units 12, respectively.
  • the load of authentication processing in the PON system can be distributed for each communication unit 12. Therefore, it is possible to further shorten the time from when the ONU 202 is linked up until the communication traffic actually starts to flow between the terminal device 151 and the network 401.
  • the station apparatus includes a control card 51 and a plurality of line cards 52.
  • the control card 51 includes the acquisition unit 11.
  • Each of the line cards 52 includes a communication unit 12, a corresponding authentication unit 13, and a storage unit 14 that stores authentication information.
  • in the station side apparatus provided with one control card and a plurality of line cards each including the communication unit 12, it is possible to further distribute the authentication processing load in the PON system for each line card. For this reason, it is possible to reduce the processing load on the control card 51 where processing is concentrated, and to avoid the use of expensive devices such as high-spec CPUs in the station side apparatus. Therefore, the cost of the entire apparatus can be reduced.
  • the storage unit 32 stores setting information for each ONU 202 used by the station side device for communication with the ONU 202.
  • the granting unit 31 provides setting information corresponding to the identification information of the ONU 202 notified from the station side device among the setting information stored in the storage unit 32 to the station side device.
  • the setting information includes authentication information of the terminal device 151 connected to the ONU 202.
  • Such a configuration eliminates the need for a special authentication server such as a RADIUS server for performing the authentication process of the terminal device 151. Further, the load of authentication processing in the PON system can be distributed to each station side device. For this reason, it is possible to reduce the time from when the ONU 202 is linked up until the communication traffic actually starts to flow between the terminal device 151 and the network 401.
  • with the information management apparatus, in a system in which the station side apparatus and the home side apparatus can communicate, it is possible to easily suppress the delay of the communication start due to the authentication processing load.
  • setting information corresponding to the identification information of the ONU 202 notified from the ONU 202 is acquired from another apparatus. Next, it communicates with the ONU 202 using the acquired setting information.
  • the setting information includes authentication information of the terminal device 151 connected to the ONU 202. Next, authentication processing of the terminal device 151 is performed using the authentication information.
  • Such a configuration eliminates the need for a special authentication server such as a RADIUS server for performing the authentication process of the terminal device 151. Further, the load of authentication processing in the PON system can be distributed to each station side device. Therefore, it is possible to shorten the time from when the ONU 202 is linked up until the communication traffic actually starts to flow between the terminal device 151 and the network 401.
  • the configuration in which the authentication information corresponding to the identification information of the ONU 202 is acquired from the server 161 eliminates the need for the operator to know in advance which station side device is connected to which ONU 202. It is possible to reduce the possibility of registering a configuration file with incorrect contents.
  • with the terminal authentication method, in a system in which the station side device and the home side device can communicate, it is possible to easily suppress a delay in communication start due to a load of authentication processing.
  • the setting information for each ONU 202 used by the station side apparatus for communication with the ONU 202 is stored.
  • setting information corresponding to the identification information of the ONU 202 notified from the station side device is given to the station side device.
  • the setting information includes authentication information of the terminal device 151 connected to the ONU 202.
  • Such a configuration eliminates the need for a special authentication server such as a RADIUS server for performing the authentication process of the terminal device 151. Further, the load of authentication processing in the PON system can be distributed to each station side device. Therefore, it is possible to shorten the time from when the ONU 202 is linked up until the communication traffic actually starts to flow between the terminal device 151 and the network 401.
  • the configuration in which authentication information corresponding to the identification information of the ONU 202 notified from the station side device is given to the station side device eliminates the need for the operator to know in advance which station side device is connected to which ONU 202. For this reason, the registration work can be simplified, and the possibility that a configuration file having an incorrect content is registered can be reduced.
  • An acquisition unit that acquires setting information corresponding to the identification information of the home-side device notified from the home-side device;
  • a communication unit that communicates with the home device using the setting information acquired by the acquisition unit;
  • the setting information includes authentication information of a terminal device connected to the home device, and further, an authentication unit that performs authentication processing of the terminal device using the authentication information,
  • the terminal device is a home gateway;
  • a station-side device that operates according to DPoE.
  • the setting information includes authentication information of a terminal device connected to the home device,
  • the storage unit stores the setting information used by a plurality of the station side devices,
  • the terminal device is a home gateway;
  • the station side device is an information management device that operates according to DPoE.
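
The flow of steps S11 to S18 with the unit split of FIG. 5 (acquisition unit on the control card; communication, authentication and storage units on the line card), as an added Python example that is not code from the patent or from any product. The JSON layout, field names, sample MAC addresses and credentials are constructed; scoping stored records to the ONU they were provisioned for and comparing in constant time are assumptions of this example, not statements of the patent.

```python
import hmac
import json

# Constructed sample: configuration files held by the server 161, keyed by the
# ONU's identification information (its MAC address). The JSON layout and the
# field names are assumptions; the page does not define a file format.
SERVER_STORAGE = {
    "00:11:22:33:44:55": json.dumps({
        "line": {"vlan": 100, "max_mbps": 1000},
        "terminal_auth": [
            {"mac": "aa:bb:cc:00:00:01", "user_id": "hgw-0001",
             "password": "constructed-secret-1"},
        ],
    }),
}


def server_give_config(onu_id):
    """Granting unit 31: return the configuration file for this ONU, or None."""
    return SERVER_STORAGE.get(onu_id.lower())


def _same(a, b):
    """Constant-time comparison so timing does not leak how much matched."""
    return hmac.compare_digest(str(a).encode(), str(b).encode())


class LineCard:
    """Communication unit 12, authentication unit 13 and storage unit 14."""

    def __init__(self):
        self._auth = {}          # (onu_id, terminal_mac) -> reference record
        self._line = {}          # onu_id -> line information
        self.permitted = set()   # (onu_id, terminal_mac) allowed to pass data

    def store(self, onu_id, line_info, auth_records):
        # Steps S11-S12: keep the reference authentication information.
        self._line[onu_id] = line_info
        for rec in auth_records:
            self._auth[(onu_id, rec["mac"].lower())] = rec

    def authenticate(self, onu_id, request):
        # Step S15: collate the request with the stored reference record.
        key = (onu_id.lower(), str(request.get("mac", "")).lower())
        ref = self._auth.get(key)
        if ref is None:
            return False         # nothing provisioned for this ONU: fail closed
        ok_user = _same(request.get("user_id", ""), ref["user_id"])
        ok_pass = _same(request.get("password", ""), ref["password"])
        if ok_user and ok_pass:
            self.permitted.add(key)   # steps S16-S17: response and permission
            return True
        return False

    def forward(self, onu_id, terminal_mac):
        # Step S18: data passes only after communication permission was given.
        return (onu_id.lower(), terminal_mac.lower()) in self.permitted


class ControlCard:
    """Acquisition unit 11: fetches and analyzes the configuration file."""

    def __init__(self, line_card):
        self.line_card = line_card

    def on_connection_request(self, onu_id):
        raw = server_give_config(onu_id)
        if raw is None:
            return False         # unknown ONU: no line setup, no credentials
        try:
            cfg = json.loads(raw)
            line, auth = cfg["line"], cfg["terminal_auth"]
            for rec in auth:     # reject malformed records before storing
                if not all(isinstance(rec[k], str)
                           for k in ("mac", "user_id", "password")):
                    raise TypeError("bad authentication record")
        except (ValueError, KeyError, TypeError):
            return False
        self.line_card.store(onu_id.lower(), line, auth)
        return True


if __name__ == "__main__":
    lc = LineCard()
    cc = ControlCard(lc)
    onu = "00:11:22:33:44:55"
    print("config loaded:", cc.on_connection_request(onu))
    req = {"mac": "aa:bb:cc:00:00:01", "user_id": "hgw-0001",
           "password": "constructed-secret-1"}
    print("authenticated:", lc.authenticate(onu, req))
    print("traffic permitted:", lc.forward(onu, req["mac"]))
```
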

Abstract

This station-side device is provided with: an acquiring unit which acquires, from another device, setting information corresponding to identification information of a home-side device notified from the home-side device; and a communication unit which communicates with the home-side device using the setting information acquired using the acquiring unit. The setting information includes authentication information of a terminal device connected to the home-side device, and the station-side device is additionally provided with an authentication unit which performs a process of authenticating the terminal device using the authentication information.

Description

Station side device, information management device, terminal authentication method and information management method
The present invention relates to a station side device, an information management device, a terminal authentication method, and an information management method.
This application claims priority based on Japanese Patent Application No. 2015-216602 filed on Nov. 4, 2015, and incorporates all the description content described in the above Japanese application.
IEEE Std 802.3ah (registered trademark)-2004 (Non-Patent Document 1) discloses one method of a passive optical network (PON). PON is a medium sharing type communication, and a plurality of home side devices (ONU: Optical Network Unit) share an optical communication line and perform data transmission with a station side device (OLT: Optical Line Terminal).
For example, Japanese Patent Laid-Open No. 2007-226620 (Patent Document 1) discloses the following configuration. The home gateway device is connected to a network system including a management server that manages the communication amount for each terminal. The home gateway device includes a switch unit, a measurement unit that measures the communication amount of a terminal connected to the switch unit, a notification unit that notifies the management server of the communication amount measured by the measurement unit, and an authentication request unit that performs IEEE 802.1x authentication by a supplicant. In an accounting management scheme for a network system that includes the home gateway device and a management server that manages the communication amount for each terminal, a line concentrator is provided that has a keepalive unit, which periodically sends out EAPoL (Extended Authentication Protocol over LAN) to check the session state, and an authentication unit for IEEE 802.1x authentication.
JP 2007-226620 A
JP 2003-169069 A
JP 2004-260243 A
JP 2006-352223 A
JP 2014-192611 A
The station-side device according to this disclosure includes an acquisition unit that acquires, from another device, setting information corresponding to the identification information of a home-side device notified from the home-side device, and a communication unit that communicates with the home-side device using the setting information acquired by the acquisition unit. The setting information includes authentication information of a terminal device connected to the home-side device, and the station-side device further includes an authentication unit that performs authentication processing of the terminal device using the authentication information.
The information management device according to this disclosure includes a storage unit that stores setting information for each home-side device used by a station-side device for communication with the home-side device, and a granting unit that gives the station-side device, from among the setting information stored in the storage unit, the setting information corresponding to the identification information of the home-side device notified from the station-side device. The setting information includes authentication information of a terminal device connected to the home-side device.
The terminal authentication method according to this disclosure is a terminal authentication method in a station-side device, and includes a step of acquiring, from another device, setting information corresponding to the identification information of a home-side device notified from the home-side device, and a step of communicating with the home-side device using the acquired setting information. The setting information includes authentication information of a terminal device connected to the home-side device, and the method further includes a step of performing authentication processing of the terminal device using the authentication information.
The information management method according to this disclosure is an information management method in an information management device, and includes a step of storing setting information for each home-side device used by a station-side device for communication with the home-side device, and a step of giving the station-side device, from among the stored setting information, the setting information corresponding to the identification information of the home-side device notified from the station-side device. The setting information includes authentication information of a terminal device connected to the home-side device.
FIG. 1 is a diagram showing a configuration of a PON system according to an embodiment of the present invention.
FIG. 2 is a diagram showing a configuration of a comparative example of the PON system according to the embodiment of the present invention.
FIG. 3 is a diagram showing a configuration of a comparative example of the PON system according to the embodiment of the present invention.
FIG. 4 is a diagram showing an example of a sequence from when the ONU links up until communication traffic starts flowing in the PON system according to the embodiment of the present invention.
FIG. 5 is a diagram showing a configuration of a station side device in the PON system according to the embodiment of the present invention.
FIG. 6 is a diagram showing a configuration of a server in the PON system according to the embodiment of the present invention.
FIG. 7 is a diagram showing a configuration of a modified example of the PON system according to the embodiment of the present invention.
FIG. 8 is a diagram showing an example of a sequence from when the ONU links up until communication traffic starts flowing in a modification of the PON system according to the embodiment of the present invention.
FIG. 9 is a diagram showing a configuration of a station-side device in a modification of the PON system according to the embodiment of the present invention.
In the system described in Patent Document 1, the authentication unit of the line concentrator, which corresponds to the station-side device, queries a RADIUS server with the information included in the EAPoL start message sent from the authentication request unit of the home gateway device, which corresponds to the home-side device, and authenticates whether or not the user (terminal) is a registered, legitimate one. Once authenticated by this authentication unit, the home gateway device can communicate with the uplink side via the switch unit of the line concentrator.
In a PON system, a home-side device links up, that is, establishes a communication connection with the station-side device, through discovery processing and the like. The station-side device then transmits to the home-side device the various setting information that the home-side device uses for communication and the like.
In the system described in Patent Document 1, authentication processing is performed in the RADIUS server as described above. For this reason, if the number of home gateway devices that link up at the same time increases, the processing load of the RADIUS server increases. The time from when a home gateway device links up until communication traffic actually starts to flow between the line concentrator and the home gateway device becomes longer, so it becomes difficult to satisfy users' requests for an early start of communication.
The present disclosure provides a station-side device, an information management device, a terminal authentication method, and an information management method that can easily suppress a delay in communication start due to the load of authentication processing in a system in which a station-side device and a home-side device can communicate.
 最初に、本発明の実施形態の内容を列記して説明する。
 (1)本発明の実施の形態に係る局側装置は、宅側装置から通知された前記宅側装置の識別情報に対応する設定情報を他の装置から取得する取得部と、前記取得部によって取得された前記設定情報を用いて前記宅側装置と通信する通信部とを備え、前記設定情報は、前記宅側装置に接続される端末装置の認証情報を含み、さらに、前記認証情報を用いて前記端末装置の認証処理を行なう認証部を備える。
First, the contents of the embodiment of the present invention will be listed and described.
(1) The station-side device according to the embodiment of the present invention includes an acquisition unit that acquires setting information corresponding to the identification information of the home-side device notified from the home-side device, and the acquisition unit. A communication unit that communicates with the home-side device using the acquired setting information, the setting information including authentication information of a terminal device connected to the home-side device, and further using the authentication information And an authentication unit for performing authentication processing of the terminal device.
Such a configuration eliminates the need for a special authentication server, such as a RADIUS server, for performing authentication processing of the terminal device. Furthermore, since the authentication processing load in the communication system can be distributed across the individual station-side devices, the time from when the home-side device links up until communication traffic actually starts to flow between the terminal device and the station-side device can be shortened. Furthermore, because the authentication information corresponding to the identification information of the home-side device is acquired from another device, the operator no longer needs to know in advance which station-side device is connected to which home-side device. This simplifies the registration work and reduces the possibility that setting information with incorrect contents is registered. Therefore, in a system in which a station-side device and a home-side device can communicate, a delay in the start of communication caused by the authentication processing load can be easily suppressed.
(2) Preferably, the station-side device includes a plurality of the communication units and a plurality of the authentication units provided in correspondence with the respective communication units.
With such a configuration, in a station-side device provided with a plurality of communication units each capable of communicating with one or more home-side devices, the authentication processing load in the communication system can be distributed per communication unit. This further shortens the time from when the home-side device links up until communication traffic actually starts to flow between the terminal device and the station-side device.
(3) Preferably, the station-side device includes a control board and a plurality of line boards. The control board includes the acquisition unit, and each of the line boards includes the communication unit, the corresponding authentication unit, and a storage unit that stores the authentication information.
With such a configuration, in a station-side device provided with one control board and a plurality of line boards each including a communication unit, the authentication processing load in the communication system can be further distributed per line board. This reduces the processing load on the control board, where processing is concentrated, so the use of expensive devices such as a high-spec CPU in the station-side device can be avoided. Therefore, the cost of the device as a whole can be reduced.
(4) An information management device according to an embodiment of the present invention includes a storage unit that stores setting information for each home-side device, which a station-side device uses for communication with the home-side device, and a providing unit that gives the station-side device, from among the setting information stored in the storage unit, the setting information corresponding to the identification information of the home-side device notified from the station-side device. The setting information includes authentication information of a terminal device connected to the home-side device.
Such a configuration eliminates the need for a special authentication server, such as a RADIUS server, for performing authentication processing of the terminal device. Furthermore, since the authentication processing load in the communication system can be distributed across the individual station-side devices, the time from when the home-side device links up until communication traffic actually starts to flow between the terminal device and the station-side device can be shortened. Furthermore, because the authentication information corresponding to the identification information of the home-side device notified from the station-side device is given to that station-side device, the operator no longer needs to know in advance which station-side device is connected to which home-side device. This simplifies the registration work and reduces the possibility that setting information with incorrect contents is registered. Therefore, in a system in which a station-side device and a home-side device can communicate, a delay in the start of communication caused by the authentication processing load can be easily suppressed.
(5) A terminal authentication method according to an embodiment of the present invention is a terminal authentication method in a station-side device, and includes a step of acquiring, from another device, setting information corresponding to identification information of a home-side device notified from the home-side device, and a step of communicating with the home-side device using the acquired setting information. The setting information includes authentication information of a terminal device connected to the home-side device, and the method further includes a step of performing authentication processing of the terminal device using the authentication information.
Such a configuration eliminates the need for a special authentication server, such as a RADIUS server, for performing authentication processing of the terminal device. Furthermore, since the authentication processing load in the communication system can be distributed across the individual station-side devices, the time from when the home-side device links up until communication traffic actually starts to flow between the terminal device and the station-side device can be shortened. Furthermore, because the authentication information corresponding to the identification information of the home-side device is acquired from another device, the operator no longer needs to know in advance which station-side device is connected to which home-side device. This simplifies the registration work and reduces the possibility that setting information with incorrect contents is registered. Therefore, in a system in which a station-side device and a home-side device can communicate, a delay in the start of communication caused by the authentication processing load can be easily suppressed.
(6) An information management method according to an embodiment of the present invention is an information management method in an information management device, and includes a step of storing setting information for each home-side device, which a station-side device uses for communication with the home-side device, and a step of giving the station-side device, from among the stored setting information, the setting information corresponding to the identification information of the home-side device notified from the station-side device. The setting information includes authentication information of a terminal device connected to the home-side device.
Such a configuration eliminates the need for a special authentication server, such as a RADIUS server, for performing authentication processing of the terminal device. Furthermore, since the authentication processing load in the communication system can be distributed across the individual station-side devices, the time from when the home-side device links up until communication traffic actually starts to flow between the terminal device and the station-side device can be shortened. Furthermore, because the authentication information corresponding to the identification information of the home-side device notified from the station-side device is given to that station-side device, the operator no longer needs to know in advance which station-side device is connected to which home-side device. This simplifies the registration work and reduces the possibility that setting information with incorrect contents is registered. Therefore, in a system in which a station-side device and a home-side device can communicate, a delay in the start of communication caused by the authentication processing load can be easily suppressed.
Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals, and their description will not be repeated. At least some of the embodiments described below may be combined arbitrarily.
FIG. 1 is a diagram showing the configuration of a PON system according to an embodiment of the present invention. Referring to FIG. 1, a PON system 301 includes a station-side device 101, a plurality of ONUs 202, a plurality of terminal devices 151 respectively connected to the plurality of ONUs 202, an operator terminal 152, and a server (information management device) 161. The station-side device 101 includes a control card (control board) 51 and a plurality of line cards (line boards) 52.
FIG. 1 shows two station-side devices 101 as representatives. The PON system 301 may include a larger number of station-side devices 101, or may include a single station-side device 101. FIG. 1 also shows two line cards 52 in the station-side device 101 as representatives. The station-side device 101 may include a larger number of line cards 52, or may include a single line card 52.
The configuration is not limited to one in which one ONU 202 is connected to one line card 52; a plurality of ONUs 202 may be connected to one line card 52 via a splitter or the like. Likewise, the configuration is not limited to one in which one terminal device 151 is connected to one ONU 202; a plurality of terminal devices 151 may be connected to one ONU 202.
The ONU 202 and the station-side device 101 are connected via an optical fiber and transmit and receive optical signals to and from each other.
In the PON system 301, when a plurality of ONUs 202 are connected to one line card 52, the optical signals from the ONUs 202 to the station-side device 101 are time-division multiplexed.
The terminal device 151 is, for example, an HGW (home gateway). The terminal device 151 transmits communication data, such as IP packets received from a notebook PC (personal computer), an IP phone, and the like (not shown), to the ONU 202.
The ONU 202 receives communication data in the form of an electrical signal from the terminal device 151 and generates an upstream frame including the communication data. The ONU 202 converts the upstream frame into an optical signal and transmits the optical signal to the line card 52 in the station-side device 101.
The line card 52 converts the optical signal received from the ONU 202 into an electrical signal. The line card 52 reconstructs the upstream frame from the converted electrical signal and outputs the upstream frame to the control card 51.
The control card 51 multiplexes the upstream frames received from the line cards 52 and transmits them to the network 401. The control card 51 distributes downstream frames received from the network 401 to the line cards 52.
The line card 52 receives a downstream frame in the form of an electrical signal from the control card 51 and converts the downstream frame into an optical signal. The line card 52 transmits the optical signal to the ONU 202.
The ONU 202 receives the optical signal from the line card 52 in the station-side device 101 and converts the optical signal into an electrical signal. The ONU 202 reconstructs the downstream frame from the converted electrical signal and, for example, transmits the communication data included in the downstream frame to the terminal device 151.
The terminal device 151, for example, receives communication data such as IP packets from the ONU 202 and transmits the communication data to the notebook PC, the IP phone, and the like (not shown).
The PON system 301 operates, for example, in a DPoE mode conforming to the DPoE (Data Over Cable Service Interface Specification Provisioning of EPON) standard.
The server 161 holds a configuration file (abbreviated as "config file") for each ONU 202, which the station-side device 101 uses for communication with the ONU 202. The configuration file includes various setting information that the ONU 202 uses for communication and the like. Specifically, for example, the configuration file includes line information such as the maximum bandwidth, minimum guaranteed bandwidth, priority, and service class of the ONU 202. The priority is the priority of the data to be communicated. The service class is the type of contract, such as business or residential.
After the ONU 202 links up, that is, establishes a communication connection with the station-side device 101 through discovery processing and the like, the station-side device 101 acquires the configuration file from the server 161. The station-side device 101, for example, gives part or all of the information in the acquired configuration file to the ONU 202 using extended OAM or the like, and also sets it in itself.
FIG. 2 is a diagram showing the configuration of a comparative example of the PON system according to the embodiment of the present invention. Referring to FIG. 2, a PON system 311 includes a station-side device 111, an authentication server 162, an authentication information database 163, a plurality of ONUs 202, a plurality of terminal devices 151 respectively connected to the plurality of ONUs 202, and an operator terminal 152.
In accordance with the operator's operation, the operator terminal 152 registers authentication information such as the MAC address, user ID, and password of the terminal device 151 in the authentication information database 163 via the authentication server 162. The "operator" is, for example, an operator of a service provider that provides a communication service using the PON system.
The authentication server 162 performs authentication processing of the terminal device 151. More specifically, the authentication server 162 collates authentication information such as the MAC address, user ID, and password included in the authentication request received from the terminal device 151 via the ONU 202 and the station-side device 111 with the authentication information registered in the authentication information database 163. The authentication information is registered in the terminal device 151 before installation, for example by the above service provider.
Until it receives an authentication response indicating successful authentication from the authentication server 162, the station-side device 111 does not permit transmission of communication data such as IP packets between the terminal device 151 and the network 401. When an authentication response indicating successful authentication arrives at the station-side device 111 from the authentication server 162, the transmission is permitted, and communication traffic starts to flow between the terminal device 151 and the network 401.
For example, a large number of station-side devices may be connected to the authentication server, and ONUs 202 on the scale of several thousand may be connected to a station-side device. When a large number of ONUs 202 link up at the same time, such as during recovery from a power failure, the processing load on the authentication server may increase. In such a case, the time from when the ONU 202 links up until communication traffic actually starts to flow between the terminal device 151 and the network 401 becomes longer.
To solve this problem, adopting the following PON system configuration is conceivable.
FIG. 3 is a diagram showing the configuration of a comparative example of the PON system according to the embodiment of the present invention. Referring to FIG. 3, a PON system 312 includes a station-side device 112, a plurality of ONUs 202, a plurality of terminal devices 151 respectively connected to the plurality of ONUs 202, and an operator terminal 152.
In the PON system 312, the control card 51 in the station-side device 112 holds the authentication information of the terminal device 151.
More specifically, in accordance with the operator's operation, the operator terminal 152 registers a configuration file including authentication information such as the MAC address, user ID, and password of the terminal device 151 in the control card 51.
The control card 51 performs authentication processing of the terminal device 151. More specifically, the control card 51 collates authentication information such as the MAC address, user ID, and password included in the authentication request received from the terminal device 151 via the ONU 202 and the line card 52 with the authentication information it holds.
Until the terminal device 151 is successfully authenticated in the control card 51, the station-side device 112 does not permit transmission of communication data such as IP packets between the terminal device 151 and the network 401. When the terminal device 151 is successfully authenticated in the control card 51, the transmission is permitted, and communication traffic starts to flow between the terminal device 151 and the network 401.
With such a configuration, the authentication processing load in the PON system 312 can be distributed across the individual station-side devices 112. Therefore, the time from when the ONU 202 links up until communication traffic actually starts to flow between the terminal device 151 and the network 401 can be shortened.
On the other hand, in the PON system 312, it is necessary to know in advance which station-side device 112 is connected to which ONU 202, and to register a configuration file whose contents differ for each station-side device 112 in the control card 51 of each station-side device 112. This makes the registration work complicated and increases the possibility that a configuration file with incorrect contents is registered. The same can occur in the PON system 311.
The PON system according to the embodiment of the present invention can solve the above problems with the following configuration and operation.
Referring again to FIG. 1, in the PON system 301, the station-side device 101 acquires from the server 161 the configuration file corresponding to identification information, such as the MAC address, of the ONU 202 notified from that ONU 202. The station-side device 101 performs authentication processing of the terminal device 151 using the authentication information included in the acquired configuration file.
More specifically, the line card 52 in the station-side device 101 holds the authentication information of the terminal device 151 for reference.
The line card 52 performs authentication processing of the terminal device 151. More specifically, the line card 52 collates authentication information such as the MAC address, user ID, and password included in the authentication request received from the terminal device 151 via the ONU 202 with the authentication information it holds.
Next, authentication processing of the terminal device in the PON system according to the embodiment of the present invention will be described.
Each device in the PON system 301 includes a computer. An arithmetic processing unit such as a CPU in the computer reads from a memory (not shown) and executes a program including some or all of the steps of the following sequence. The programs of these devices can each be installed from outside. The programs of these devices can each be distributed in a state of being stored in a recording medium.
FIG. 4 is a diagram showing an example of the sequence from when the ONU links up until communication traffic starts to flow in the PON system according to the embodiment of the present invention.
Referring to FIG. 4, in accordance with the operator's operation, the operator terminal 152 creates a configuration file for each ONU 202 in the PON system 301 using information from a customer database or the like (not shown), and transmits the configuration files to the server 161. Each configuration file includes, for example, line information and the authentication information of the one or more terminal devices 151 connected to the ONU 202 (step S1).
The server 161 stores the configuration file of each ONU 202 received from the operator terminal 152 (step S2).
The ONU 202 transmits a connection request to the line card 52 in the station-side device 101. The connection request includes identification information of the ONU 202, such as its MAC address (step S3).
The line card 52 outputs the connection request received from the ONU 202 to the control card 51 (step S4).
The control card 51 receives the connection request from the line card 52 and transmits to the server 161 a configuration file request including the identification information contained in the connection request (step S5).
The server 161 receives the configuration file request from the control card 51 in the station-side device 101 and acquires, from among the stored configuration files, the configuration file corresponding to the identification information included in the configuration file request (step S6). The server 161 transmits the configuration file to the station-side device 101 (step S7).
The control card 51 analyzes the configuration file received from the server 161 and extracts the line information and the authentication information from the configuration file (step S8).
The control card 51 outputs the extracted line information to the line card 52 (step S9).
The line card 52 transmits and receives various information to and from the ONU 202 using the line information received from the control card 51. In this way, the line card 52 performs line setting processing that enables communication with the ONU 202 (step S10).
 制御カード51は、抽出した参照用の認証情報を回線カード52へ出力する(ステップS11)。 The control card 51 outputs the extracted reference authentication information to the line card 52 (step S11).
 回線カード52は、制御カード51から受けた認証情報を保存する(ステップS12)。 The line card 52 stores the authentication information received from the control card 51 (step S12).
 端末装置151は、認証情報を含む認証要求をONU202へ送信する(ステップS13)。 The terminal device 151 transmits an authentication request including authentication information to the ONU 202 (step S13).
 The ONU 202 transmits the authentication request received from the terminal device 151 to the line card 52 in the station-side device 101 (step S14).
 The line card 52 collates the authentication information included in the authentication request received from the ONU 202 with the authentication information it holds (step S15).
 When the authentication information received from the ONU 202 matches the authentication information it holds, the line card 52 transmits an authentication response indicating successful authentication to the ONU 202 (step S16).
 The line card 52 transmits to the ONU 202 a communication permission indicating that communication between the terminal device 151 and the network 401 is permitted (step S17).
 The ONU 202 transmits the authentication response received from the line card 52 in the station-side device 101 to the terminal device 151. The ONU 202 receives the communication permission from the line card 52 in the station-side device 101 and permits transmission of communication data such as IP packets between the terminal device 151 and the network 401 (step S18).
 The terminal device 151 receives the authentication information indicating successful authentication and transmits communication data such as IP packets to the ONU 202 (step S19).
 The ONU 202 transmits the communication data received from the terminal device 151 to the line card 52 in the station-side device 101 (step S20).
 The line card 52 outputs the communication data received from the ONU 202 to the control card 51 (step S21).
 The control card 51 transmits the communication data received from the line card 52 to the network 401.
 Thereafter, communication data is transmitted and received between the network 401 and the terminal device 151 via the station-side device 101 and the ONU 202.
 In the sequence shown in FIG. 4, the order of step S9 and step S11 can be interchanged.
 FIG. 5 is a diagram showing the configuration of the station-side device in the PON system according to the embodiment of the present invention. FIG. 5 shows one control card 51 and one line card 52 as representatives.
 Referring to FIG. 5, the station-side device 101 includes an acquisition unit 11, a communication unit 12, an authentication unit 13, and a storage unit 14. The acquisition unit 11 is included in the control card 51. The communication unit 12, the authentication unit 13, and the storage unit 14 are included in the line card 52.
 The acquisition unit 11 acquires, from another device such as the server 161, the setting information corresponding to the identification information of the ONU 202 (for example, its MAC address) notified from that ONU 202. This setting information includes the authentication information of the terminal device 151 connected to the ONU 202.
 The communication unit 12 communicates with the ONU 202 using the setting information acquired by the acquisition unit 11.
 The authentication unit 13 performs authentication processing of the terminal device 151 using the authentication information included in the setting information.
 More specifically, the communication unit 12 outputs the connection request received from the ONU 202 to the acquisition unit 11.
 On receiving the connection request from the communication unit 12, the acquisition unit 11 transmits to the server 161 a configuration file request containing the identification information included in the connection request.
 The acquisition unit 11 receives the configuration file corresponding to the identification information from the server 161, analyzes the configuration file, extracts the line information and the authentication information from it, and outputs them to the communication unit 12 and the authentication unit 13, respectively.
 The communication unit 12 performs line setting processing with the ONU 202 using the line information received from the acquisition unit 11.
 The authentication unit 13 stores the authentication information received from the acquisition unit 11 in the storage unit 14. The authentication unit 13 acquires from the storage unit 14 the authentication information corresponding to an authentication request received via the ONU 202 and the communication unit 12, for example the authentication information whose MAC address matches the MAC address included in that authentication information. The authentication unit 13 collates the acquired authentication information with the authentication information included in the authentication request. The authentication unit 13 notifies the communication unit 12 of the collation result.
 The communication unit 12 transmits to the ONU 202 an authentication response indicating authentication success or authentication failure, which is the collation result received from the authentication unit 13.
 For example, the station-side device 101 includes a plurality of communication units 12 and a plurality of authentication units 13 provided corresponding to the respective communication units 12. In this case, the station-side device 101 includes, for example, a plurality of line cards 52. Each of the line cards 52 includes a communication unit 12, the corresponding authentication unit 13, and a storage unit 14.
 FIG. 6 is a diagram showing the configuration of the server in the PON system according to the embodiment of the present invention. Referring to FIG. 6, the server 161 includes a granting unit 31, a storage unit 32, and a registration unit 33.
 The storage unit 32 stores, for each ONU 202, the setting information that the station-side device 101 uses for communication with the ONU 202.
 The granting unit 31 gives the station-side device 101, out of the setting information stored in the storage unit 32, the setting information corresponding to the identification information of the ONU 202 notified from that station-side device 101. The setting information includes the authentication information of the terminal device 151 connected to the ONU 202.
 More specifically, the registration unit 33 stores in the storage unit 32 the configuration file of each ONU 202 in the PON system 301 received from the operator terminal 152.
 The granting unit 31 receives a configuration file request from the acquisition unit 11 in the station-side device 101. The granting unit 31 acquires, from the configuration files in the storage unit 32, the configuration file corresponding to the identification information included in the configuration file request, and transmits that configuration file to the acquisition unit 11.
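 An added illustration (not code from the patent) of the flow described above for the server 161 and the station-side device 101: the acquisition unit fetches a configuration file by ONU MAC address, and the line card stores the reference credentials and collates authentication requests locally. The JSON configuration format, the field names, the class and method names, and the sample values are all assumptions; the collation uses a constant-time comparison and fails closed on anything malformed or unknown.

```python
import hmac
import json

def normalize_mac(mac):
    """Canonicalize a MAC so lookups do not depend on separators or case."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("malformed MAC address")
    return digits

class Server:
    """Server 161: registration unit 33, storage unit 32, granting unit 31."""
    def __init__(self):
        self._configs = {}                      # ONU MAC -> config file text

    def register(self, onu_mac, config_text):
        self._configs[normalize_mac(onu_mac)] = config_text

    def grant(self, onu_mac):
        return self._configs.get(normalize_mac(onu_mac))

class LineCard:
    """Line card 52: communication unit 12, authentication unit 13, storage unit 14."""
    def __init__(self):
        self.line_info = {}                     # ONU MAC -> line settings
        self._reference = {}                    # terminal MAC -> (user_id, password)
        self.permitted = set()                  # terminals allowed to pass traffic

    def configure(self, onu_mac, line_info, auth_entries):
        # Validate every entry before storing any, so a bad file changes nothing.
        parsed = {normalize_mac(e["mac"]): (str(e["user_id"]), str(e["password"]))
                  for e in auth_entries}
        self.line_info[onu_mac] = line_info
        self._reference.update(parsed)

    def authenticate(self, request):
        """Collate a request with the stored reference; any doubt means failure."""
        try:
            mac = normalize_mac(request["mac"])
            user = request["user_id"].encode()
            password = request["password"].encode()
        except (KeyError, ValueError, AttributeError, TypeError):
            return False                        # malformed request: fail closed
        reference = self._reference.get(mac)
        if reference is None:
            return False                        # terminal not in any config file
        # compare_digest avoids leaking, through timing, how much of a value matched.
        ok_user = hmac.compare_digest(user, reference[0].encode())
        ok_pass = hmac.compare_digest(password, reference[1].encode())
        if ok_user and ok_pass:
            self.permitted.add(mac)             # corresponds to the communication permission
            return True
        return False

class ControlCard:
    """Control card 51: acquisition unit 11."""
    def __init__(self, server, line_card):
        self.server, self.line_card = server, line_card

    def on_connection_request(self, onu_mac):
        """Fetch the ONU's config file by its MAC and hand the parts to the line card."""
        try:
            text = self.server.grant(onu_mac)
            if text is None:
                return False                    # unregistered ONU: no line setup
            config = json.loads(text)
            self.line_card.configure(normalize_mac(onu_mac),
                                     config["line"], config["auth"])
        except (ValueError, KeyError, TypeError, AttributeError):
            return False                        # unparsable or incomplete config file
        return True

# Constructed sample data (assumed format, not from the page).
ONU_MAC = "02:00:00:00:02:02"
TERMINAL = {"mac": "02:00:00:00:01:51", "user_id": "hgw-user",
            "password": "example-password"}
SAMPLE_CONFIG = json.dumps({"line": {"vlan": 100}, "auth": [TERMINAL]})

def demo():
    server = Server()
    server.register("02-00-00-00-02-02", SAMPLE_CONFIG)   # from operator terminal 152
    line_card = LineCard()
    control = ControlCard(server, line_card)
    return {
        "linked": control.on_connection_request(ONU_MAC),
        "good": line_card.authenticate(dict(TERMINAL)),
        "wrong_password": line_card.authenticate({**TERMINAL, "password": "guess"}),
        "unknown_terminal": line_card.authenticate({**TERMINAL, "mac": "02:00:00:00:09:99"}),
        "unregistered_onu": control.on_connection_request("02:00:00:00:0f:0f"),
    }

if __name__ == "__main__":
    print(demo())
```

 Because the reference credentials live on the line card only after the ONU's configuration file has been fetched, a terminal behind an unregistered ONU can never authenticate.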
[Modification]
The station-side device 101 is not limited to a configuration in which the line card 52 stores the authentication information and performs the authentication processing. The station-side device 101 may instead have a configuration in which the control card 51 stores the authentication information and performs the authentication processing.
 FIG. 7 is a diagram showing the configuration of a modification of the PON system according to the embodiment of the present invention. This modification is the same as the PON system 301 except for the points described below.
 Referring to FIG. 7, the PON system 302 includes a station-side device 102, a server 161, a plurality of ONUs 202, a plurality of terminal devices 151 respectively connected to the plurality of ONUs 202, and an operator terminal 152. The station-side device 101 includes a control card (control board) 51 and a plurality of line cards (line boards) 52.
 In the PON system 302, the control card 51 in the station-side device 102 holds the reference authentication information of the terminal device 151.
 The control card 51 performs authentication processing of the terminal device 151. More specifically, the control card 51 collates authentication information such as the MAC address, user ID, and password included in the authentication request received from the terminal device 151 via the ONU 202 and the line card 52 with the authentication information it holds.
 FIG. 8 is a diagram showing an example of the sequence from when an ONU links up until communication traffic starts to flow in the modification of the PON system according to the embodiment of the present invention.
 Referring to FIG. 8, the operations in steps S21 to S30 are the same as those in steps S1 to S10 in the sequence shown in FIG. 4.
 The control card 51 stores the extracted reference authentication information (step S31).
 The terminal device 151 transmits an authentication request including authentication information to the ONU 202 (step S32).
 The ONU 202 transmits the authentication request received from the terminal device 151 to the line card 52 in the station-side device 102 (step S33).
 The line card 52 outputs the authentication request received from the ONU 202 to the control card 51 (step S34).
 The control card 51 collates the authentication information included in the authentication request received from the line card 52 with the authentication information it holds (step S35).
 When the authentication information received from the line card 52 matches the authentication information it holds, the control card 51 outputs an authentication response indicating successful authentication to the line card 52 (step S36).
 The control card 51 outputs to the line card 52 a communication permission indicating that communication between the terminal device 151 and the network 401 is permitted (step S37).
 The line card 52 transmits the authentication response received from the control card 51 to the ONU 202 (step S38).
 The line card 52 transmits the communication permission received from the control card 51 to the ONU 202 (step S39).
 The operations in steps S40 to S43 are the same as those in steps S18 to S21 in the sequence shown in FIG. 4.
 In the sequence shown in FIG. 8, the order of step S29 and step S31 can be interchanged.
 FIG. 9 is a diagram showing the configuration of the station-side device in the modification of the PON system according to the embodiment of the present invention. FIG. 9 shows one control card 51 and one line card 52 as representatives.
 Referring to FIG. 9, the station-side device 102 includes an acquisition unit 11, a communication unit 12, an authentication unit 13, and a storage unit 14. The acquisition unit 11, the authentication unit 13, and the storage unit 14 are included in the control card 51. The communication unit 12 is included in the line card 52.
 The acquisition unit 11 acquires, from another device such as the server 161, the setting information corresponding to the identification information of the ONU 202 (for example, its MAC address) notified from that ONU 202. This setting information includes the authentication information of the terminal device 151 connected to the ONU 202.
 The communication unit 12 communicates with the ONU 202 using the setting information acquired by the acquisition unit 11.
 The authentication unit 13 performs authentication processing of the terminal device 151 using the authentication information included in the setting information.
 More specifically, the communication unit 12 outputs the connection request received from the ONU 202 to the acquisition unit 11.
 On receiving the connection request from the communication unit 12, the acquisition unit 11 transmits to the server 161 a configuration file request containing the identification information included in the connection request.
 The acquisition unit 11 receives the configuration file corresponding to the identification information from the server 161 and analyzes the configuration file. The acquisition unit 11 extracts the line information and the authentication information from the configuration file, outputs the line information to the communication unit 12, and stores the authentication information in the storage unit 14.
 The communication unit 12 performs line setting processing with the ONU 202 using the line information received from the acquisition unit 11.
 The authentication unit 13 acquires from the storage unit 14 the authentication information corresponding to an authentication request received via the ONU 202 and the communication unit 12, for example the authentication information whose MAC address matches the MAC address included in that authentication information. The authentication unit 13 collates the acquired authentication information with the authentication information included in the authentication request. The authentication unit 13 notifies the communication unit 12 of the collation result.
 The communication unit 12 transmits to the ONU 202 an authentication response indicating authentication success or authentication failure, which is the collation result received from the authentication unit 13.
 For example, the station-side device 102 includes a plurality of communication units 12. In this case, the station-side device 101 includes, for example, a plurality of line cards 52. Each of the line cards 52 includes a communication unit 12.
 The station-side device according to the embodiment of the present invention has been described as having a configuration including a control card and line cards, but it is not limited to this. The station-side device only needs to include an acquisition unit, a communication unit, and an authentication unit. These units may all be included in one card, or they may be distributed among a plurality of types of cards in a combination different from the above.
 In the system described in Patent Document 1, authentication processing is performed in a RADIUS server. For this reason, when the number of in-home gateway devices that link up at the same time increases, the processing load on the RADIUS server increases. Consequently, the time from when an in-home gateway device links up until communication traffic actually starts to flow between the concentrator and the in-home gateway device becomes longer, making it difficult to satisfy users' demand for an early start of communication.
 In the station-side device according to the embodiment of the present invention, the acquisition unit 11 acquires from another device the setting information corresponding to the identification information of the ONU 202 notified from that ONU 202. The communication unit 12 communicates with the ONU 202 using the setting information acquired by the acquisition unit 11. This setting information includes the authentication information of the terminal device 151 connected to the ONU 202. The authentication unit 13 performs authentication processing of the terminal device 151 using the authentication information.
 Such a configuration eliminates the need for a special authentication server, such as a RADIUS server, for performing the authentication processing of the terminal device 151. Furthermore, the load of authentication processing in the PON system can be distributed among the individual station-side devices. Therefore, the time from when the ONU 202 links up until communication traffic actually starts to flow between the terminal device 151 and the network 401 can be shortened.
 Because the authentication information corresponding to the identification information of the ONU 202 is acquired from the server 161, the operator no longer needs to know in advance which station-side device is connected to which ONU 202. This simplifies the registration work and reduces the possibility that a configuration file with incorrect contents is registered.
 Therefore, in a system in which a station-side device and a home-side device can communicate, the station-side device according to the embodiment of the present invention can easily suppress the delay in the start of communication caused by the load of authentication processing.
 The station-side device according to the embodiment of the present invention includes a plurality of communication units 12 and a plurality of authentication units 13 provided corresponding to the respective communication units 12.
 With such a configuration, in a station-side device provided with a plurality of communication units 12, each capable of communicating with one or more ONUs 202, the load of authentication processing in the PON system can be distributed per communication unit 12. Therefore, the time from when the ONU 202 links up until communication traffic actually starts to flow between the terminal device 151 and the network 401 can be shortened further.
 The station-side device according to the embodiment of the present invention includes a control card 51 and a plurality of line cards 52. The control card 51 includes the acquisition unit 11. Each of the line cards 52 includes a communication unit 12, the corresponding authentication unit 13, and a storage unit 14 that stores the authentication information.
 With such a configuration, in a station-side device provided with one control card and a plurality of line cards including the communication unit 12, the load of authentication processing in the PON system can be distributed further, per line card. This reduces the processing load on the control card 51, where processing is concentrated, and avoids the use of expensive devices such as high-specification CPUs in the station-side device. The cost of the device as a whole can therefore be reduced.
 In the information management device according to the embodiment of the present invention, the storage unit 32 stores, for each ONU 202, the setting information that a station-side device uses for communication with the ONU 202. The granting unit 31 gives the station-side device, out of the setting information stored in the storage unit 32, the setting information corresponding to the identification information of the ONU 202 notified from that station-side device. The setting information includes the authentication information of the terminal device 151 connected to the ONU 202.
 Such a configuration eliminates the need for a special authentication server, such as a RADIUS server, for performing the authentication processing of the terminal device 151. Furthermore, the load of authentication processing in the PON system can be distributed among the individual station-side devices. The time from when the ONU 202 links up until communication traffic actually starts to flow between the terminal device 151 and the network 401 can therefore be shortened.
 Because the authentication information corresponding to the identification information of the ONU 202 notified from a station-side device is given to that station-side device, the operator no longer needs to know in advance which station-side device is connected to which ONU 202. This simplifies the registration work and reduces the possibility that a configuration file with incorrect contents is registered.
 Therefore, in a system in which a station-side device and a home-side device can communicate, the information management device according to the embodiment of the present invention can easily suppress the delay in the start of communication caused by the load of authentication processing.
 In the terminal authentication method in the station-side device according to the embodiment of the present invention, first, the setting information corresponding to the identification information of the ONU 202 notified from that ONU 202 is acquired from another device. Next, the station-side device communicates with the ONU 202 using the acquired setting information. The setting information includes the authentication information of the terminal device 151 connected to the ONU 202. Next, authentication processing of the terminal device 151 is performed using the authentication information.
 Such a configuration eliminates the need for a special authentication server, such as a RADIUS server, for performing the authentication processing of the terminal device 151. Furthermore, the load of authentication processing in the PON system can be distributed among the individual station-side devices. Therefore, the time from when the ONU 202 links up until communication traffic actually starts to flow between the terminal device 151 and the network 401 can be shortened.
 Because the authentication information corresponding to the identification information of the ONU 202 is acquired from the server 161, the operator no longer needs to know in advance which station-side device is connected to which ONU 202. This simplifies the registration work and reduces the possibility that a configuration file with incorrect contents is registered.
 Therefore, in a system in which a station-side device and a home-side device can communicate, the terminal authentication method according to the embodiment of the present invention can easily suppress the delay in the start of communication caused by the load of authentication processing.
 In the information management method in the information management device according to the embodiment of the present invention, first, the setting information that a station-side device uses for communication with the ONU 202 is stored for each ONU 202. Next, out of the stored setting information, the setting information corresponding to the identification information of the ONU 202 notified from a station-side device is given to that station-side device. The setting information includes the authentication information of the terminal device 151 connected to the ONU 202.
 Such a configuration eliminates the need for a special authentication server, such as a RADIUS server, for performing the authentication processing of the terminal device 151. Furthermore, the load of authentication processing in the PON system can be distributed among the individual station-side devices. Therefore, the time from when the ONU 202 links up until communication traffic actually starts to flow between the terminal device 151 and the network 401 can be shortened.
 Furthermore, because the authentication information corresponding to the identification information of the ONU 202 notified from a station-side device is given to that station-side device, the operator no longer needs to know in advance which station-side device is connected to which ONU 202. This simplifies the registration work and reduces the possibility that a configuration file with incorrect contents is registered.
 Therefore, in a system in which a station-side device and a home-side device can communicate, the information management method according to the embodiment of the present invention can easily suppress the delay in the start of communication caused by the load of authentication processing.
 The above embodiment should be considered illustrative in all respects and not restrictive. The scope of the present invention is indicated by the claims rather than by the above description, and is intended to include all modifications within the meaning and scope equivalent to the claims.
The above description includes the features appended below.
[Appendix 1]
A station-side device comprising:
an acquisition unit that acquires, from another device, setting information corresponding to identification information of a home-side device notified from the home-side device; and
a communication unit that communicates with the home-side device using the setting information acquired by the acquisition unit,
wherein the setting information includes authentication information of a terminal device connected to the home-side device,
the station-side device further comprising
an authentication unit that performs authentication processing of the terminal device using the authentication information,
wherein the terminal device is a home gateway, and
the station-side device operates according to DPoE.
[Appendix 2]
An information management device comprising:
a storage unit that stores, for each home-side device, setting information used by a station-side device for communication with the home-side device; and
a granting unit that gives the station-side device, out of the setting information stored in the storage unit, the setting information corresponding to identification information of the home-side device notified from the station-side device,
wherein the setting information includes authentication information of a terminal device connected to the home-side device,
the storage unit stores the setting information used by a plurality of the station-side devices,
the terminal device is a home gateway, and
the station-side device operates according to DPoE.
 11 acquisition unit, 12 communication unit, 13 authentication unit, 14 storage unit, 31 granting unit, 32 storage unit, 33 registration unit, 51 control card (control board), 52 line card (line board), 101, 102, 111, 112 station-side device, 151 terminal device, 152 operator terminal, 161 server (information management device), 162 authentication server, 163 authentication information database, 202 ONU (home-side device), 301, 302, 311, 312 PON system.

Claims (6)

  1.  A station-side device comprising:
     an acquisition unit that acquires, from another device, setting information corresponding to identification information of a home-side device notified from the home-side device; and
     a communication unit that communicates with the home-side device using the setting information acquired by the acquisition unit,
     wherein the setting information includes authentication information of a terminal device connected to the home-side device,
     the station-side device further comprising
     an authentication unit that performs authentication processing of the terminal device using the authentication information.
  2.  The station-side device according to claim 1, comprising:
    a plurality of the communication units; and
    a plurality of the authentication units provided respectively corresponding to the communication units.
  3.  The station-side device according to claim 2, comprising:
    a control board; and
    a plurality of line boards, wherein
    the control board includes the acquisition unit, and
    each of the line boards includes the communication unit and the corresponding authentication unit, and a storage unit that stores the authentication information.
  4.  An information management device comprising:
    a storage unit that stores setting information for each home-side device, used by a station-side device for communication with the home-side device; and
    a granting unit that gives the station-side device, from among the pieces of setting information stored in the storage unit, the setting information corresponding to identification information of the home-side device notified from the station-side device, wherein
    the setting information includes authentication information of a terminal device connected to the home-side device.
  5.  A terminal authentication method in a station-side device, the method comprising:
    acquiring, from another device, setting information corresponding to identification information of a home-side device notified from the home-side device; and
    communicating with the home-side device using the acquired setting information, wherein
    the setting information includes authentication information of a terminal device connected to the home-side device,
    the method further comprising
    performing authentication processing of the terminal device using the authentication information.
  6.  An information management method in an information management device, the method comprising:
    storing setting information for each home-side device, used by a station-side device for communication with the home-side device; and
    giving the station-side device, from among the stored pieces of setting information, the setting information corresponding to identification information of the home-side device notified from the station-side device, wherein
    the setting information includes authentication information of a terminal device connected to the home-side device.
PCT/JP2016/074776 2015-11-04 2016-08-25 Station-side device, information management device, terminal authentication method and information management method WO2017077760A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015216602A JP2017092556A (en) 2015-11-04 2015-11-04 Station side device, information management device, terminal authentication method, and information management method
JP2015-216602 2015-11-04

Publications (1)

Publication Number Publication Date
WO2017077760A1 (en) 2017-05-11

Family

ID=58661882

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/074776 WO2017077760A1 (en) 2015-11-04 2016-08-25 Station-side device, information management device, terminal authentication method and information management method

Country Status (2)

Country Link
JP (1) JP2017092556A (en)
WO (1) WO2017077760A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021001939A1 (en) * 2019-07-02 2021-01-07 日本電信電話株式会社 Optical network unit, communication network system, and communication method
JP7468297B2 (en) 2020-10-28 2024-04-16 住友電気工業株式会社 Distribution device, communication system, subscriber management system, distribution method, and setting method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008236674A (en) * 2007-03-23 2008-10-02 Mitsubishi Electric Corp Subscriber side optical line termination apparatus
JP2010130341A (en) * 2008-11-27 2010-06-10 Mitsubishi Electric Corp Ge-pon system
JP2010226693A (en) * 2009-02-27 2010-10-07 Fujitsu Telecom Networks Ltd Optical line terminator in pon system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4786423B2 (en) * 2006-06-05 2011-10-05 三菱電機株式会社 Communication system and intra-station device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ROH, SS ET AL.: "Security model and authentication in EPON-based optical access network", PROCEEDINGS OF 2003 5TH INTERNATIONAL CONFERENCE ON TRANSPARENT OPTICAL NETWORKS, 2003, pages 99 - 102, XP010681404 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547953A (en) * 2017-09-25 2018-01-05 烽火通信科技股份有限公司 A kind of method that communication between plates are realized in PON system
CN107547953B (en) * 2017-09-25 2020-05-19 烽火通信科技股份有限公司 Method for realizing inter-board communication in PON system

Also Published As

Publication number Publication date
JP2017092556A (en) 2017-05-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16861829

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16861829

Country of ref document: EP

Kind code of ref document: A1