User's Manual
Mobile WiMAX Indoor RAS SPI-2210 System Description/Ed.07
© SAMSUNG Electronics Co., Ltd. 4-6
(Continued)
Classification Description
(12)~(16) When the authentication is successfully completed, the ACR receives the Master
Session Key (MSK), which is the upper key for providing security, and the
per-subscriber provisioned policy information from the AAA server in the Diameter
EAP Answer (DEA) message (when the Diameter protocol is used) or the
Access-Accept message (when the RADIUS protocol is used). The ACR generates the
AK from the MSK and sends the RAS a Key_Change_Directive message
including the generated AK Context information and Security Association (SA)
information for the MS. In addition, the RAS relays the EAP Success information
to the MS using the PKMv2-EAP-Transfer message.
(17)~(19) After the EAP authentication, the RAS verifies the AK value that it shares with
the MS and transmits the SA-TEK-Challenge message to the MS to announce the
start of the SA negotiation. The MS verifies the CMAC of the SA-TEK-Challenge
message, checks the AK value, and sends its SA negotiation information to the
RAS in the SA-TEK-Request message. The RAS then sends the MS the
SA-TEK-Response message, which includes the AKID and the SA Descriptor that is
the final result of the SA negotiation.
(20)~(21) The MS requests the Traffic Encryption Key (TEK) from the RAS using the PKMv2
Key-Request message, and the RAS generates the TEK randomly and sends it to the
MS in the PKMv2 Key-Reply message. The TEK is encrypted with the Key
Encryption Key (KEK) for this transmission.
Keys and Functions
The functions of the keys are as follows.
- MSK: creates the AK
- AK: creates the CMAC key
- KEK: encrypts the TEK
- CMAC key: provides integrity for the MAC management message
- TEK: encrypts traffic in the wireless section
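
The key hierarchy listed above and the SA-TEK-Challenge check in steps (17)~(19), as an added sketch that is not part of the manual or of Samsung's implementation. HMAC-SHA-256 stands in for both the key derivation function and the CMAC, and the labels, key lengths, identifiers and sample values are assumptions constructed for the sketch.

```python
import hashlib
import hmac
import os

def kdf(key, label, context, length):
    """Stand-in KDF: HMAC-SHA-256 in counter mode (assumption, not the 802.16e function)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, bytes([counter]) + label + context, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def derive_keys(msk, ms_mac, bs_id):
    """Follow the manual's hierarchy: MSK -> AK -> CMAC key and KEK."""
    context = ms_mac + bs_id                     # ties the keys to one MS/RAS pair
    ak = kdf(msk, b"AK", context, 20)            # labels and lengths chosen for the sketch
    block = kdf(ak, b"CMAC+KEK", context, 32)
    return {"AK": ak, "CMAC": block[:16], "KEK": block[16:]}

def protect(cmac_key, message):
    """Append an 8-byte integrity tag to a MAC management message."""
    return message + hmac.new(cmac_key, message, hashlib.sha256).digest()[:8]

def verify(cmac_key, frame):
    """Recompute the tag with the local key and compare in constant time."""
    message, tag = frame[:-8], frame[-8:]
    expected = hmac.new(cmac_key, message, hashlib.sha256).digest()[:8]
    return hmac.compare_digest(tag, expected)

def handshake_demo():
    # Constructed sample values, not taken from the manual.
    ms_mac, bs_id = bytes.fromhex("001122334455"), bytes.fromhex("0a0b0c0d0e0f")
    msk = bytes(range(64))
    net = derive_keys(msk, ms_mac, bs_id)        # network side: ACR derives the AK, RAS uses it
    ms = derive_keys(msk, ms_mac, bs_id)         # MS side: same MSK from EAP
    other = derive_keys(bytes(64), ms_mac, bs_id)  # an MS holding a different MSK
    challenge = protect(net["CMAC"], b"SA-TEK-Challenge|" + os.urandom(8))
    tampered = bytes([challenge[0] ^ 1]) + challenge[1:]
    return {
        "same_ak": verify(ms["CMAC"], challenge),
        "different_ak": verify(other["CMAC"], challenge),
        "tampered": verify(ms["CMAC"], tampered),
    }

if __name__ == "__main__":
    print(handshake_demo())
```

The tag verifies only when both sides derived their keys from the same MSK, which is why a valid CMAC on the SA-TEK-Challenge message lets the MS check the AK value without the AK itself being sent.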