Authentication and initial key exchange in ethernet passive optical network over coaxial network

What is claimed is: 1. An Optical Line Terminal (OLT) comprising: a receiver coupled to a Passive Optical Network (PON) and configured to receive a security key request from a Fiber Coaxial Unit (FCU) via the PON wherein the receiver is further configured to receive an upstream message from a Coaxial Network Unit (CNU) via the FCU and an Ethernet PON over Coaxial (EPoC) network; a processor coupled to the receiver and configured to: generate a first security key responsive to the security key request from the FCU; encrypt the first security key in a security key response message; encrypt a downstream message with the first security key; decrypt the upstream first security key; and initiate a switchover from the first security key to a second security key upon expiration of a timer; a transmitter coupled to the processor and configured to transmit the security key response message comprising the encrypted first security key to the FCU via the PON, wherein the transmitter is further configured to transmit the downstream message toward the CNU via the FCU and the EPoC network, wherein the switchover comprises: generating and encrypting the second security key by the processor; transmitting the encrypted second security key toward the CNU by the transmitter; encrypting downstream traffic with the first security key until the receiver receives upstream traffic from the CNU that is encrypted with the second security key; and encrypting downstream traffic with the second security key in response to receiving upstream traffic that is encrypted with the second security key. 2. The OLT of claim 1 , wherein the transmitter is further configured to transmit a key switchover verification message to request an acknowledgement that the switchover is complete at the CNU. 3. The OLT of claim 2 , wherein the transmitter is further configured to transmit the key switchover verification message to request an acknowledgement that the switchover is complete at the FCU. 4. A method comprising: generating, by an Optical Line Terminal (OLT), an updated security key upon expiration of a key exchange timer; transferring, by the OLT, the updated security key to an endpoint, wherein the endpoint is at least one of a Fiber Coaxial Unit (FCU) and a Coaxial Network Unit (CNU), wherein the OLT transfers the updated security key to the FCU via a Passive Optical Network (PON) when the endpoint is the FCU, and wherein the OLT transfers the updated security key to the CNU via the FCU and an Ethernet PON over Coaxial (EPoC) network when the endpoint is the CNU; retaining an original security key, wherein the updated security key comprises a different key identification number than the original security key; accepting and decrypting upstream traffic that employs either the original security key or the updated security key; after transferring the updated security key to the endpoint, creating a key switchover timer; before the key switchover timer expires, verify that upstream traffic transferred from the endpoint on a logical link uses the updated security key; and begin, in response to upstream traffic being encrypted using the updated security key, using the updated security key to encrypt downstream traffic and clear the key switchover timer. 5. The method of claim 4 , wherein the original security key and the updated security keys each comprise a 128-bit random key string associated with the logical link.