User's Manual
Table Of Contents
- Scope of This Manual
- Conventions Used in This Manual
- Intended Audience for this Manual
- General Cautions and Warnings
- List of References
- Overview Of Subscriber Station
- Installation of Subscriber Station
- Aperto Installation Manager
- Specifications
- Event Reporting
- Cables, Spares and Accessories
- Command Line Interface (CLI)
- Virtual Local Area Network
- Troubleshooting
- LIMITED EQUIPMENT WARRANTY (“Agreement”)
1–7
PacketMax 100/300 User Manual, 10007306, Rev J
Chapter 1. Overview Of Subscriber Station
Figure 1-2 3-DES Encryption
NOTE: TEK is encrypted using KEK derived from Authorization key and 3DES
Algorithm, while data is encrypted using TEK and DES Algorithm.
1.4.6 Certificates and Management
WiMax forum prescribes X.509 based digital-certificate for authorization process.
which is part of the negotiation process as described in the above section. The cer
-
tificates are used to strengthen the security process.
The Aperto WiMax Root Certificate, is a Self-Signed certificate issued by the Aperto
Certifying Authority (CA). The CA is stored in the BS. The X.509 certificates are
injected into the base station devices at manufacturing time and can later be upgraded
from the EMS.
The Root Certificate is the same across all Base Stations and shall be available on
MSC, as the Certificate Verification happens on MSC. In the case, when primary and
redundant MSCs are installed, the Certificates need to be available on both the MSC
Authorization Key
Traffic Encryption Key
3-DES Encryption
SS uses PK to
decrypt
SS uses KEK
from AK
SS Initiates
Authorization
BS validates
Certificates
Privacy Key Management — PKM
Private Key — PK
Key Encryption Key — KEK
Traffic Encryption Key — TEK
BS
SS
Traffic Encryption Key
3-DES Encryption
Authorization Key