User's Manual

PacketMax 100/300 User Manual, 10007306, Rev J
Chapter 1. Overview Of Subscriber Station
2. The BS authorizes the SS by verifying the device and Vendor Certificate of the
SS during the Privacy Key Management (PKM) Message Exchange.
3. An Authorization Key (AK) is used to decrypt the Traffic Encryption Keys
(TEKs) using the PKM protocol. The AK is periodically refreshed and is encrypted
using 3DES.
4. In the BS, the TEKs are generated and sent to the SS using the 3DES encryption
format. The SS decrypts these TEKs using a Key Encryption Key (KEK) generated
from the AK. If the BS encrypts the TEK using the RSA Public Key of
the SS, then the SS decrypts it using its Private Key.
5. The TEKs are used for encrypting data on different Service Flows (SF) between
the BS and SS.
6. All the Service Flows for one SS will have the same key in both upstream and
downstream.
NOTE: To enable encryption on every service flow, please refer to the WaveCenter
EMS User Manual.
7. The traffic between the BS and SS can now be encrypted/decrypted using the
TEKs.
8. If the CPE fails authentication, the CPE can re-try authentication.
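
The AK -> KEK -> TEK hierarchy from steps 3 and 4, as an added example that is not part of the original manual or of the vendor's firmware. It assumes the IEEE 802.16-2004 PKMv1 rules, which the manual does not spell out (KEK = first 128 bits of SHA-1 over a 0x53 pad and the 160-bit AK; the 64-bit TEK wrapped with two-key 3DES EDE), and the third-party Python "cryptography" package; the function names and sample keys are constructed for illustration.

```python
# Added illustration of the AK -> KEK -> TEK hierarchy; not vendor code.
# Assumption: IEEE 802.16-2004 PKMv1 rules (the manual does not spell them out).
import hashlib
from cryptography.hazmat.primitives.ciphers import Cipher, modes
try:  # newer "cryptography" releases keep 3DES under "decrepit"
    from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES
except ImportError:
    from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES

K_PAD_KEK = b"\x53" * 64  # 512-bit pad used in the PKMv1 KEK derivation


def derive_kek(ak: bytes) -> bytes:
    """KEK = first 128 bits of SHA-1(K_PAD_KEK | AK); the AK is 160 bits."""
    if len(ak) != 20:
        raise ValueError("AK must be 20 bytes")
    return hashlib.sha1(K_PAD_KEK + ak).digest()[:16]


def _ede(kek: bytes) -> Cipher:
    # A 16-byte key selects two-key 3DES (EDE). A 64-bit TEK is exactly one
    # cipher block, so ECB here is the plain single-block EDE operation.
    return Cipher(TripleDES(kek), modes.ECB())


def wrap_tek(ak: bytes, tek: bytes) -> bytes:
    """BS side (step 4): encrypt a 64-bit TEK under the KEK."""
    if len(tek) != 8:
        raise ValueError("TEK must be 8 bytes")
    enc = _ede(derive_kek(ak)).encryptor()
    return enc.update(tek) + enc.finalize()


def unwrap_tek(ak: bytes, wrapped: bytes) -> bytes:
    """SS side (step 4): recover the TEK with the KEK derived from its AK."""
    if len(wrapped) != 8:
        raise ValueError("wrapped TEK must be 8 bytes")
    dec = _ede(derive_kek(ak)).decryptor()
    return dec.update(wrapped) + dec.finalize()


if __name__ == "__main__":
    # Constructed sample keys, for demonstration only.
    ak_old, ak_new = bytes(range(20)), bytes(range(20, 40))
    tek = bytes.fromhex("0123456789abcdef")
    wrapped = wrap_tek(ak_old, tek)
    print("current AK recovers TEK:", unwrap_tek(ak_old, wrapped) == tek)
    print("AK after refresh recovers old TEK:", unwrap_tek(ak_new, wrapped) == tek)
```

The second check shows why TEKs have to be redistributed after an AK refresh: a KEK derived from the new AK no longer unwraps a TEK that was wrapped under the old one.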