4
Table 1. The Authentication Process
Step
Description of Task
1
When an SM attempts to enter the Canopy network
it sends a registration request to the AP.
2
The AP then sends an authentication request to the
BAM.
3
The BAM generates a 128 bit random number that is
sent to the SM as a challenge.
4
The SM calculates a response using either its factory
set key or the Authorization key it has been assigned
by the network operator.
5
This challenge response is sent to the BAM through
the AP.
6
The BAM compares the challenge response to what
it calculated using the same random number and the
Authentication key from the BAM SQL database.
7
If the results agree, the BAM sends the AP a
message authenticating the SM and sends the SM
and AP QoS information.
8
If the results do not agree or the SM is not in the
database the BAM sends the AP a message denying
authentication and the AP sends the SM a message
to lock itself out from that AP for 15 minutes before
retrying.
K
EY
M
ANAGEMENT
The Canopy system uses an ESN, two keys and a random number for authentication.
Table 2 details the functionality of each of these along with the random number.
Table 2. Canopy Key Management
Key/Number
Description
Electronic Serial Number
Each Canopy SM has a factory set ESN that
cannot be changed. The ESN is the identifier
which is being authenticated and is 48 bits in
length.
Authentication Key
(Authorization key or Skey)
This key is set by the network operator in the
BAM SQL database and by either the network
operator or by the subscriber in the SM. This
key can be seen in the BAM SQL database by
the network operator; it can’t be displayed in
the SM Configuration web page by
subscriber. It is 128 bits in length.