User's Manual

On-Ramp Wireless Confidential and Proprietary 5 010-0059-00 Rev. A
3 Local Key Server
The Local Key Server (LKS) is an integral part of the key provisioning, management, and ULP
network access control system. The LKS is a physically secured server that communicates with
one or more Node Provisioning Tools (NPT) clients over a secure TCP protocol, Secure Sockets
Layer (SSL). The LKS maintains a database (for example, node_keys.db) containing the Gateway
key, the code download (CDLD) key, and the node root key for a range of eNodes. The database
file name is specified by the customer. The eNodes (sometimes referred to as nodes) are
provisioned on a separate NPT client, which connects to the LKS through an SSL link to retrieve
the keys. The following diagram provides an overview of ULP Key Management in operational
mode.
[Diagram. Labels shown: CUSTOMER: KMS (Server), ULP KMS, ULP Gateway (Server), import_keys.py, Master Key File (keyring.csv), IPsec Tunnel, Diameter Protocol. MANUFACTURER / INTEGRATOR 1, 2 and 3, each with: LKS (Server), lks_server.py, export_keys.py, node_keys.db, Encrypted Batch Key File (node_keys.csv.rsa), and NPT (Client) instances running provision_node_keys.py, each linked over SSL and attached to eNodes.]
Figure 2. ULP Key Management in Operational Mode