Download - 802.16 PKM 協定
-
802.16 PKMPKM()MS/SSPKMBSBSMS/SSBSPKMPKM (Authorization state machine) TEK(TEK state machine)TEKTEKTEKTEKAKTEK
-
802.16 PKM802.16dPKMv1RSA(BS)(SS)802.16ePKMv2RSAEAP(BS)(MS)(Mutual Authenication)
-
802.16 PKMPKMv1(BS)(SS) PKMv2Single EAP Double EAP EAPEAP EAP-TLSEAP-TTLSEAP-SIMEAP-AKA..(AK-transfer)
-
PKM RSA/EAP PKMv1RSAPKMv2RSAEAPPKM RSA/EAP PKM RSAX.509X.509(Public Key)MAC()RSA
-
PKM RSA/EAP PKM EAP PKM EAPIETF RFC 3748(ExtensibleAuthentication Protocol )EAP()802.16eEAPEAPEAPEAP-TLSX.509
-
PKMv1 :1. AKKEKHMAC-digest2. KEK()BSSSTEKTEK3. HMAC-digest()SHABSSSAKSSBS
-
PKMv1 PKMv1:1. SSBSSS2. SSBSBSSS3. BSAKSSAKSS4. SSAKSAIDTEKTEKTEK5. BSBSTEK(TEKTEK1TEK)KEKTEKAKSAIDTEKDES CBC mode64bits CBC-IV(Key Reply)SS
-
a.AKAK b.SS(SAID) c.PKM(TimerKey)KeyP.S. SSBSAKAKSSSAIDTEKBSTEKSSTEKBSTEK
-
AKAKSSAK(Grace Time)BSAKSSAKBSSSKey RequestAKSSAKHMAC-digest1 :SSAKKey RequestHMAC-digestBSAKKey RequestAKKEKKEY ReplyHMAC-digest2:SSAKKey RequestHMAC-digestBSSSAKBSAKKey RequestAKKEKKEY ReplyHMAC-digest
-
BSSSAK
-
TEKTEK3012BSTEK 1. BSTEKGeneric MAC Headerencryption key sequenceSSTEK 2. BSTEKTEKSSTEK1. SSTEKGenericMAC Headerencryption key sequenceBSTEK2. SSTEKTEK
-
BSSSAK
-
SAID : SSBSID ,SAIDBSTEKTEKTEK1TEKPKMv1(Authorization KeyAK)PKMv2 pre-PAK(Primary Authorization Key)
-
PKMv2 PMKv2RSAEAPPKMv1BSSSPKMv2PKMv2 RSASSBS802.16e(Device)(Subscriber)PKMv2 EAPAAAPKMv2PKMv2TEK
-
RSASSBSEAPPKMv21. BSSS2. SSBS3. BSAKAKSSAK(Key Encryption KeyKEK)(HMAC-digest)4. BSSASAIDSS
-
RSASigSS(SigBS)SS(BS)RSA
-
RSA1. SSBS(SSX.509)2. SSPKMv2 RSA-RequestBSSS(MS_Random)SSX.509SSPrimary SAID3. BSPKMv2 RSA-RequestSSPKMv2 RSA-Request(SigSS)PKMv2 RSA-ReplySSMS_RandomPKMv2 RSA-RequestMS_RandomBS(BS_Random)SSpre-PAK(Primary Authorization Key) PAKPAKpre-PAKAKKEKMACEIKBSX.509BSSigBS4. SSPKMv2 RSA-ReplyBSPKMv2 RSA-Reply(SigBS)BS3SA-TEKAK3SA-TEKSSBSpre-PAKAKKEKHMACCMAC5. TEK
-
EAP EAPMS(Supplicant)BSEAP(Authenticator) AAA clientEAPRADIUSAAA EAPMSAAA IEEEMSBSPKMBSAuthenticatorAuthenticatorAAAWiMAX EAPEAP(CSN)EAP(Double EAP)Authenticated-EAPafter-EAP
-
EAPMS(Supplicant)BSEAP(Authenticator)AAA clientEAPRADIUSAAAEAPMSAAAIEEEMSBSPKMBSAuthenticatorAuthenticatorAAAWiMAXEAPEAP(CSN)EAP(Double EAP)Authenticated-EAPafter-EAP
-
EAP1. MSBSSBCPKMv1PKMv2MACPKMv2EAPEAP2. MSPKMv2 EAP startBSEAP3. MSAAAEAPBSMSBSEAPPKMv2 EAP TransferAKPKMv2 EAP TransferCMAC digest
-
EAP4. 3 EAPBSEAP-SuccessPKMv2 EAP CompleteMSMSPKMv2 Authenticated EAPstart5. MSPKMv2 EAP CompleteMSAAAEAPMSK EAPAAAMSK(BS) MSMSKPMKEAP Integrity Key(EIK)
-
EAP6. MSPKMv2 EAP CompletePKMv2 Authenticated EAPstartEAP CMAC digest CMAC_KEY_*EAPEIK BSPKMv2 Authenticated EAP startCMAC_KEY_*BSEAP
-
EAP7. MSAAAEAPBSMSBSEAPPKMv2 Authenticated EAP TransferCMAC8. 7 EAPBSEAP-SuccessPKMv2 Authenticated EAP CompleteMSEAP9. EAPMSAAAEAPMSK2AAAMSK2(BS)MS(BS)MSK2PMK2MS(BS)PMKPMK2AK
-
EAP10. ~12.MSBS3SA-TEKAK13. ~14.MSBSTEK
MSBSPMKPMK2EAPPKMv2EAPAK