1–18
PacketMax 5000 Installation and Operation Manual, 10007678 Rev J
Chapter 1. Overview Of Base Station
8.
If the CPE fails authentication, the CPE can re-try authentication.
Figure 1-8
3-DES Encryption
NOTE: TEK is encrypted using KEK derived from Authorization key and 3DES
Algorithm, while data is encrypted using TEK and DES Algorithm.
1.3.7 Certificates and Management
WiMax forum prescribes X.509 based digital-certificate for authorization process.
which is part of the negotiation process as described in the above section. The cer-
tificates are used to strengthen the security process.
The Aperto WiMax Root Certificate, is a Self-Signed certificate issued by the Aperto
Certifying Authority (CA). The CA is stored in the BS. The X.509 certificates are
injected into the subscriber station devices at manufacturing time and can later be
upgraded from the EMS.
The Root Certificate is the same across all Base Stations and shall be available on
MSC, as the Certificate Verification happens on MSC. In the case, when primary and
Authorization Key
Traffic Encryption Key
3-DES Encryption
SS uses PK to
decrypt
SS uses KEK
from AK
SS Initiates
Authorization
BS validates
Certificates
Privacy Key Management — PKM
Private Key — PK
Key Encryption Key
— KEK
Traffic Encryption Key — TEK
BS
SS
Traffic Encryption Key
3-DES Encryption
Authorization Key
Summary of Contents for PacketMAX 5000
Page 10: ...Preface Preface vi PacketMax 5000 Installation and Operation Manual 10007678 Rev J ...
Page 14: ...Table Of Content TOC 4 PacketMax 5000 Installation and Operation Manual 10007678 Rev J ...
Page 146: ...E 4 PacketMax 5000 Installation and Operation Manual 10007678 Rev J Chapter E Certifications ...
Page 150: ...F 4 PacketMax 5000 Installation and Operation Manual 10007678 Rev J Chapter F Troubleshooting ...