User's Manual
BM2022 Users Guide 205
APPENDIX  A
WiMAX Security
Wireless security is vital to protect your wireless communications. Without it, information 
transmitted over the wireless network would be accessible to any networking device within range.
User Authentication and Data Encryption
The WiMAX (IEEE 802.16) standard employs user authentication and encryption to ensure secured 
communication at all times.
User authentication is the process of confirming a users identity and level of authorization. Data 
encryption is the process of encoding information so that it cannot be read by anyone who does not 
know the code. 
WiMAX uses PKMv2 (Privacy Key Management version 2) for authentication, and CCMP (Counter 
Mode with Cipher Block Chaining Message Authentication Protocol) for data encryption. 
WiMAX supports EAP (Extensible Authentication Protocol, RFC 2486) which allows additional 
authentication methods to be deployed with no changes to the base station or the mobile or 
subscriber stations.
PKMv2
PKMv2 is a procedure that allows authentication of a mobile or subscriber station and negotiation of 
a public key to encrypt traffic between the MS/SS and the base station. PKMv2 uses standard EAP 
methods such as Transport Layer Security (EAP-TLS) or Tunneled TLS (EAP-TTLS) for secure 
communication. 
In cryptography, a key is a piece of information, typically a string of random numbers and letters, 
that can be used to lock (encrypt) or unlock (decrypt) a message. Public key encryption uses key 
pairs, which consist of a public (freely available) key and a private (secret) key. The public key is 
used for encryption and the private key is used for decryption. You can decrypt a message only if 
you have the private key. Public key certificates (or digital IDs) allow users to verify each others 
identity. 
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and 
accounting. The base station is the client and the server is the RADIUS server. The RADIUS server 
handles the following tasks:
 Authentication 
Determines the identity of the users.










