User guide

Canopy System User Guide Configuring a BH Timing Master for the

Destination

pmp-0229 (Mar 2013)

345

Encryption

Specify the type of air link security to apply to this BHM:

• Encryption Disabled provides no encryption on the air link. This is the default mode.

• Encryption Enabled provides encryption, using a factory-programmed secret key that is

unique for each module.

NOTE:

In any BH link where encryption is enabled, the BHS briefly drops registration

and re-registers in the BHM every 24 hours to change the encryption key.

24 Hour Encryption Refresh

A BHM that has encryption enabled forces its BHS to re-register once every 24 hours, during

which the BHM refreshes the encryption key. This provides a level of security, but results in a

brief but daily downtime. Since the refresh occurs in 24 hour increments that begin when the link

is established, the only way to set a favorable the time of day (for example, 2:00 AM) for the key

refresh is to reboot either the BHM or BHS at the favorable time.

When this feature is disabled, the key is refreshed upon only other re-registration events, such as a

reboot. The default status of this feature is Enable.

The algorithm used in Advanced Encryption Standard (AES) encryption-capable radios is certified

by the National Institute of Standards and Technology (NIST) to meet government Federal

Information Processing Standard-197 (FIPS-197) for ensuring secure data communication.

Refreshing the key at 24-hour intervals is not needed for AES radios to meet FIPS 197, but

provides an level of security above the algorithm itself.

BHS Display of BHM Evaluation Data

You can use this field to suppress the display of data (Disable Display) about this BHM on the

BHM Evaluation tab of the Tools page in the BHS.

Web, Telnet, FTP Session Timeout

Enter the expiry in seconds for remote management sessions via HTTP, telnet, or ftp access to

the BHM.