SlideShare a Scribd company logo
Demystifying WiMAX Public Key Infrastructure (PKI) for
Operators and Device Vendors
http://w w w .goingw imax.com/demystifying-w imax-public-key-infrastructure-pki-for-operators-and-device-vendors-10395/ December 1, 2011



Sanjiv Gupta on May 3, 2010 | 2 comments

                                                                    Since the first historical
                                                                    mobile WiMAX network
                                                                    deployment by Clear over a
                                                                    year ago, there have been
                                                                    more than 600 WiMAX
                                                                    networks worldwide which
                                                                    have either commercially
                                                                    launched or have entered into a
                                                                    planning/pre-deployment stage.
                                                                    For new devices (WiMAX
                                                                    Forum Certified or other
                                                                    devices) entering a Greenfield
                                                                    network, or for new devices
                                                                    entering an existing live mobile
                                                                    WiMAX network, the network
                                                                    operator, the device
                                                                    manufacturer or both need to
                                                                    comply with the WiMAX Forum
                                                                    defined Public Key
                                                                    Infrastructure (PKI)
                                                                    requirements. The same
                                                                    mandate applies to existing
                                                                    fixed WiMAX (IEEE802.16-
                                                                    2004 or 802.16d) network
                                                                    deployments worldwide that
                                                                    plan on upgrading to a mobile
                                                                    WiMAX (IEEE802.16e-2005 or
                                                                    802.16e) network infrastructure.
                                                                    PKI utilizes X.509 digital
                                                                    certificates and their respective
                                                                    keys to correctly identify the
                                                                    devices and servers [AAA
                                                                    (Authentication, Authorization,
                                                                    and Accounting)], as well as to
                                                                    mutually authenticate within the
mobile WiMAX network. The proper format and use of the X.509 certificates are described in the
IETF RFC3280 document with the cryptographic algorithms located in the PKCS#1-PKCS#13
specifications (http://grouper.ieee.org/groups/1363/) devised and published at RSA Security.
Verisign is the leading source for the Secure Sockets Layer (SSL) Certificate Authority (CA) as well
as the sole entity for the processing of WiMAX Forum PKI certificate orders made by WiMAX
operators.

Essentially, the operator and the device manufacturer are each tasked with configuring their
respective AAA servers or devices with the proper WiMAX Forum® server certificates and device
certificates, respectively – to ensure a successful EAP-TLS mutual certificate exchange between
the server and the device. The certificate requirements summarized below are specific for the case
of client devices (netbooks, notebooks, etc.) containing the Intel® Centrino® Advanced-N + WiMAX
6250 PCI Express Mini Card that will be conversing with the server. The AAA server should contain
six added files: the AAA Server Certificate bundled together with the WiMAX Forum Server
Subordinate CA Certificate, the AAA specific Private Key, and the WiMAX Forum Device Root
(CA) Certificates inside the “Trusted Store” (WiMAX Device Root (for Intel IT Flex), the WiMAX
Device Root CA1 (for Verisign), and the WiMAX Device Root CA2 (for Motorola). The operator has
to generate the AAA Private Key as part of the Certificate Signing Request Form (CSR), and the
CSR (containing the AAA Private Key) has to be submitted to VeriSign. Upon processing the
submission, VeriSign will provide the Scuba and the AAA Server Certificate to the operator. On the
client side, the device has seven files added (burned into the Non-Volatile Memory (NVM)
contained on Intel’s WiMAX PCI Express Mini Card solution): the Server Root Certificates (WiMAX
Server Root (for Intel IT Flex), WiMAX Server Root CA1 (for VeriSign), WiMAX Server Root CA2
(for VeriSign), and the WiMAX Server Root CA3 (for VeriSign)), the Device specific Certificate
bundled together with the WiMAX Forum Device Subordinate CA certificate, and the Device
specific Private Key. Please keep in mind that the four distinct Server Root Certificates are used to
accommodate most of the commonly used AAA servers used today.

What is free and what needs to be purchased? The WiMAX Forum Server Root (CA) Certificate
and the WiMAX Forum Device Root (CA) Certificate are free, whereas, the WiMAX Forum Server
Subordinate CA Certificate, the Server Certificate, the Device Subordinate CA Certificate, and the
Device Certificate all need to be purchased. Finally, with the PKI house-keeping completed, a
mobile WiMAX device can now be deployed inside a mobile WiMAX network and begin the
certificate exchange process with the AAA server. To put it simply, the process begins with the
client device sending the Device Certificate and Device Subordinate CA Certificate (certificate
chain) to the AAA server. The server then validates the Device Certificate using the Device
Subordinate CA Certificate and the Device Root CA Certificate. Next, the AAA server sends the
Server Certificate and Server Subordinate CA Certificate (Certificate chain) to the client device. It is
now the client’s turn to validate the Server Certificate by using the Server Subordinate CA
Certificate and the Server Root CA Certificate.

                Article by Sanjiv Gupta

                has written 10 articles for GoingWimax.

                Sanjiv S. Gupta is a Senior Technical Marketing Engineer at Intel Corp with focus
                on WiMAX enablement world wide – primarily in U.S., Latin America, India and the
                EU. He has been with Intel Corporation for twelve years and has been directly
                responsible for the marketing/integration of Intel’s graphics and wireless
                components into OEM PCs worldwide.

More Related Content

What's hot

Wifi direct technology a technical report
Wifi direct technology   a technical reportWifi direct technology   a technical report
Wifi direct technology a technical report
Angelos Alevizopoulos
 
Comprehensive AAP
Comprehensive AAPComprehensive AAP
Comprehensive AAP
Melvin Dickerson
 
Architecture for Mobile Data Offload over Wi-Fi Access Networks
Architecture for Mobile Data Offload over Wi-Fi Access NetworksArchitecture for Mobile Data Offload over Wi-Fi Access Networks
Architecture for Mobile Data Offload over Wi-Fi Access Networks
Cisco Service Provider
 
Wi-Fi Direct
Wi-Fi DirectWi-Fi Direct
Wi-Fi Direct
shivam_kedia
 
The definitive guide for evaluating enterprise WLAN networks
The definitive guide for evaluating enterprise WLAN networksThe definitive guide for evaluating enterprise WLAN networks
The definitive guide for evaluating enterprise WLAN networks
Aerohive Networks
 
Brocade Ethernet Fabrics and the ODDC
Brocade Ethernet Fabrics and the ODDCBrocade Ethernet Fabrics and the ODDC
Brocade Ethernet Fabrics and the ODDC
EMC Nederland
 
Ip service assurance solutions for wimax operators.. Giải pháp IP cho nhà khá...
Ip service assurance solutions for wimax operators.. Giải pháp IP cho nhà khá...Ip service assurance solutions for wimax operators.. Giải pháp IP cho nhà khá...
Ip service assurance solutions for wimax operators.. Giải pháp IP cho nhà khá...
Quốc Lừng
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
AirTight Networks
 
Wi-Fi Direct
Wi-Fi DirectWi-Fi Direct
Wi-Fi Direct
Ashutosh Jha
 
Ruckus wp wifi-into-core
Ruckus wp wifi-into-coreRuckus wp wifi-into-core
Ruckus wp wifi-into-core
warchitect
 
How do you manage Internet of Things (IoT) devices at scale
How do you manage Internet of Things (IoT) devices at scaleHow do you manage Internet of Things (IoT) devices at scale
How do you manage Internet of Things (IoT) devices at scale
Duncan Purves
 
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048PPOE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
juet-y
 
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp011ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
Hussein Elmenshawy
 
Implementing vpn using direct access technology
Implementing vpn using direct access technologyImplementing vpn using direct access technology
Implementing vpn using direct access technology
ferasfarag
 
OSN Bay Area Feb 2019 Meetup: Intel, Dynamic Device Personalization - Journey...
OSN Bay Area Feb 2019 Meetup: Intel, Dynamic Device Personalization - Journey...OSN Bay Area Feb 2019 Meetup: Intel, Dynamic Device Personalization - Journey...
OSN Bay Area Feb 2019 Meetup: Intel, Dynamic Device Personalization - Journey...
Lumina Networks
 
Cryptocard Next Generation Authentication
Cryptocard Next Generation AuthenticationCryptocard Next Generation Authentication
Cryptocard Next Generation Authentication
CRYPTOCARD
 
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile NetworksDeploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
Cisco Canada
 
Whitepaper: Network Virtualization - Happiest Minds
Whitepaper: Network Virtualization - Happiest MindsWhitepaper: Network Virtualization - Happiest Minds
Whitepaper: Network Virtualization - Happiest Minds
Happiest Minds Technologies
 
Vigor ap810 datasheet_140103
Vigor ap810 datasheet_140103Vigor ap810 datasheet_140103
Vigor ap810 datasheet_140103
marat1989
 
Vpn Plbp 04.14.20001
Vpn Plbp 04.14.20001Vpn Plbp 04.14.20001
Vpn Plbp 04.14.20001
rickhird
 

What's hot (20)

Wifi direct technology a technical report
Wifi direct technology   a technical reportWifi direct technology   a technical report
Wifi direct technology a technical report
 
Comprehensive AAP
Comprehensive AAPComprehensive AAP
Comprehensive AAP
 
Architecture for Mobile Data Offload over Wi-Fi Access Networks
Architecture for Mobile Data Offload over Wi-Fi Access NetworksArchitecture for Mobile Data Offload over Wi-Fi Access Networks
Architecture for Mobile Data Offload over Wi-Fi Access Networks
 
Wi-Fi Direct
Wi-Fi DirectWi-Fi Direct
Wi-Fi Direct
 
The definitive guide for evaluating enterprise WLAN networks
The definitive guide for evaluating enterprise WLAN networksThe definitive guide for evaluating enterprise WLAN networks
The definitive guide for evaluating enterprise WLAN networks
 
Brocade Ethernet Fabrics and the ODDC
Brocade Ethernet Fabrics and the ODDCBrocade Ethernet Fabrics and the ODDC
Brocade Ethernet Fabrics and the ODDC
 
Ip service assurance solutions for wimax operators.. Giải pháp IP cho nhà khá...
Ip service assurance solutions for wimax operators.. Giải pháp IP cho nhà khá...Ip service assurance solutions for wimax operators.. Giải pháp IP cho nhà khá...
Ip service assurance solutions for wimax operators.. Giải pháp IP cho nhà khá...
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
 
Wi-Fi Direct
Wi-Fi DirectWi-Fi Direct
Wi-Fi Direct
 
Ruckus wp wifi-into-core
Ruckus wp wifi-into-coreRuckus wp wifi-into-core
Ruckus wp wifi-into-core
 
How do you manage Internet of Things (IoT) devices at scale
How do you manage Internet of Things (IoT) devices at scaleHow do you manage Internet of Things (IoT) devices at scale
How do you manage Internet of Things (IoT) devices at scale
 
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048PPOE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
 
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp011ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
 
Implementing vpn using direct access technology
Implementing vpn using direct access technologyImplementing vpn using direct access technology
Implementing vpn using direct access technology
 
OSN Bay Area Feb 2019 Meetup: Intel, Dynamic Device Personalization - Journey...
OSN Bay Area Feb 2019 Meetup: Intel, Dynamic Device Personalization - Journey...OSN Bay Area Feb 2019 Meetup: Intel, Dynamic Device Personalization - Journey...
OSN Bay Area Feb 2019 Meetup: Intel, Dynamic Device Personalization - Journey...
 
Cryptocard Next Generation Authentication
Cryptocard Next Generation AuthenticationCryptocard Next Generation Authentication
Cryptocard Next Generation Authentication
 
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile NetworksDeploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
 
Whitepaper: Network Virtualization - Happiest Minds
Whitepaper: Network Virtualization - Happiest MindsWhitepaper: Network Virtualization - Happiest Minds
Whitepaper: Network Virtualization - Happiest Minds
 
Vigor ap810 datasheet_140103
Vigor ap810 datasheet_140103Vigor ap810 datasheet_140103
Vigor ap810 datasheet_140103
 
Vpn Plbp 04.14.20001
Vpn Plbp 04.14.20001Vpn Plbp 04.14.20001
Vpn Plbp 04.14.20001
 

Viewers also liked

Roles, percepciòn y conflictos
Roles, percepciòn  y conflictosRoles, percepciòn  y conflictos
Roles, percepciòn y conflictos
andres756
 
C02 e01-sign.2
C02 e01-sign.2C02 e01-sign.2
C02 e01-sign.2
mariam381
 
Ensayo personal acd
Ensayo personal acdEnsayo personal acd
Ensayo personal acd
m_carmen
 
Cylindre
CylindreCylindre
Cylindre
forGot2my4naMe
 
Agenda cultural novembroo
Agenda cultural novembrooAgenda cultural novembroo
Agenda cultural novembroo
becresforte
 
Presentación1
Presentación1Presentación1
Presentación1
luisiro1
 
Fm 261111
Fm 261111Fm 261111
Fm 261111
Hitesh Bhavsar
 
October WOD Dragon
October WOD DragonOctober WOD Dragon
October WOD Dragonksmith353
 
Works cited Fall Research 2011
Works cited Fall Research 2011Works cited Fall Research 2011
Works cited Fall Research 2011
miles593
 
10
1010
1042qu
 
Política educativa para la atención de las comunidades afectadas por invierno
Política educativa para la atención de las comunidades afectadas por invierno Política educativa para la atención de las comunidades afectadas por invierno
Política educativa para la atención de las comunidades afectadas por invierno ComputadoresparaEducar10
 
Origenpapanoel
OrigenpapanoelOrigenpapanoel
Origenpapanoel
pepeperoxil
 
Kritik pedoman pembinaan kesiswaan sma
Kritik pedoman pembinaan kesiswaan smaKritik pedoman pembinaan kesiswaan sma
Kritik pedoman pembinaan kesiswaan sma
Suhadi Rembang
 
Nps1
Nps1Nps1
Pertemuan8
Pertemuan8Pertemuan8
Pertemuan8
Hamdani Hamid
 
Conseptions mosgorprazdnik new_year_olive_show-1
Conseptions  mosgorprazdnik new_year_olive_show-1Conseptions  mosgorprazdnik new_year_olive_show-1
Conseptions mosgorprazdnik new_year_olive_show-1
matuzel
 

Viewers also liked (19)

Roles, percepciòn y conflictos
Roles, percepciòn  y conflictosRoles, percepciòn  y conflictos
Roles, percepciòn y conflictos
 
C02 e01-sign.2
C02 e01-sign.2C02 e01-sign.2
C02 e01-sign.2
 
Ensayo personal acd
Ensayo personal acdEnsayo personal acd
Ensayo personal acd
 
Cylindre
CylindreCylindre
Cylindre
 
Agenda cultural novembroo
Agenda cultural novembrooAgenda cultural novembroo
Agenda cultural novembroo
 
Linz aktiv 10_2008
Linz aktiv 10_2008Linz aktiv 10_2008
Linz aktiv 10_2008
 
Presentación1
Presentación1Presentación1
Presentación1
 
Fm 261111
Fm 261111Fm 261111
Fm 261111
 
October WOD Dragon
October WOD DragonOctober WOD Dragon
October WOD Dragon
 
Works cited Fall Research 2011
Works cited Fall Research 2011Works cited Fall Research 2011
Works cited Fall Research 2011
 
10
1010
10
 
Política educativa para la atención de las comunidades afectadas por invierno
Política educativa para la atención de las comunidades afectadas por invierno Política educativa para la atención de las comunidades afectadas por invierno
Política educativa para la atención de las comunidades afectadas por invierno
 
year 5lesson 1
year 5lesson 1year 5lesson 1
year 5lesson 1
 
Origenpapanoel
OrigenpapanoelOrigenpapanoel
Origenpapanoel
 
Kritik pedoman pembinaan kesiswaan sma
Kritik pedoman pembinaan kesiswaan smaKritik pedoman pembinaan kesiswaan sma
Kritik pedoman pembinaan kesiswaan sma
 
Nps1
Nps1Nps1
Nps1
 
Pertemuan8
Pertemuan8Pertemuan8
Pertemuan8
 
Mapa
MapaMapa
Mapa
 
Conseptions mosgorprazdnik new_year_olive_show-1
Conseptions  mosgorprazdnik new_year_olive_show-1Conseptions  mosgorprazdnik new_year_olive_show-1
Conseptions mosgorprazdnik new_year_olive_show-1
 

Similar to Goingwimax.Com Demystifying Wi Max Public Key Infrastructure Pki For Operators And Device Vendors

ElItecore’s EliteAAA enables BSNL Roll out WiMAX Services
ElItecore’s EliteAAA enables BSNL Roll out WiMAX ServicesElItecore’s EliteAAA enables BSNL Roll out WiMAX Services
ElItecore’s EliteAAA enables BSNL Roll out WiMAX Services
Deepti Somani
 
Bsnl wi maxcasestudy.pdf
Bsnl wi maxcasestudy.pdfBsnl wi maxcasestudy.pdf
Bsnl wi maxcasestudy.pdf
Deepti Somani
 
The Network Impact of 802.11ac White Paper
The Network Impact of 802.11ac White PaperThe Network Impact of 802.11ac White Paper
The Network Impact of 802.11ac White Paper
Aerohive Networks
 
Goingwimax.Com Mobile Wi Max Is Rapidly Gaining World Wide Adoption
Goingwimax.Com Mobile Wi Max Is Rapidly Gaining World Wide AdoptionGoingwimax.Com Mobile Wi Max Is Rapidly Gaining World Wide Adoption
Goingwimax.Com Mobile Wi Max Is Rapidly Gaining World Wide Adoption
Irepa International, LLC
 
Resume
ResumeResume
Resume
Amol Warad
 
Gigamon Pervasive Visibility into SDDC/NSX Deployments
Gigamon Pervasive Visibility into SDDC/NSX DeploymentsGigamon Pervasive Visibility into SDDC/NSX Deployments
Gigamon Pervasive Visibility into SDDC/NSX Deployments
Angel Villar Garea
 
Meraki Datasheet VPN
Meraki Datasheet VPNMeraki Datasheet VPN
Meraki Datasheet VPN
Cloud Distribution
 
Service Provider Wi-Fi Networks: Scaling Signaling Transactions (White Paper)
Service Provider Wi-Fi Networks:  Scaling Signaling Transactions (White Paper)Service Provider Wi-Fi Networks:  Scaling Signaling Transactions (White Paper)
Service Provider Wi-Fi Networks: Scaling Signaling Transactions (White Paper)
Cisco Service Provider Mobility
 
Unified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAPUnified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAP
Oliver Pfaff
 
Liberty Technologies Mobile WiMax Deployment
Liberty Technologies Mobile WiMax DeploymentLiberty Technologies Mobile WiMax Deployment
Liberty Technologies Mobile WiMax Deployment
Cisco Service Provider
 
Wi fi technology
Wi fi technologyWi fi technology
Wi fi technology
Shital Gawali
 
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY  1NETWOR.docxRunning head NETWORK INFRASTRUCTURE AND SECURITY  1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
todd581
 
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY  1NETWOR.docxRunning head NETWORK INFRASTRUCTURE AND SECURITY  1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
glendar3
 
A Unified Network for the Mobile Era
A Unified Network for the Mobile EraA Unified Network for the Mobile Era
A Unified Network for the Mobile Era
Avaya Inc.
 
Senza Fili Leveraging802.16e Wi Max 091111
Senza Fili Leveraging802.16e Wi Max 091111Senza Fili Leveraging802.16e Wi Max 091111
Senza Fili Leveraging802.16e Wi Max 091111
Monica Paolini
 
Chapter1 rev1.0
Chapter1   rev1.0Chapter1   rev1.0
Chapter1 rev1.0
juliusbangaw
 
Igor lakhman net_res_v1
Igor lakhman net_res_v1Igor lakhman net_res_v1
Igor lakhman net_res_v1
Igor Lakhman
 
Study Wireless Security Deployment - PKL
Study Wireless Security Deployment  - PKLStudy Wireless Security Deployment  - PKL
Study Wireless Security Deployment - PKL
Aaron ND Sawmadal
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
Lopamudra Das
 
Mohd Kareem CV July 26 2015
Mohd Kareem  CV July 26 2015Mohd Kareem  CV July 26 2015
Mohd Kareem CV July 26 2015
Mohammed Shoaib
 

Similar to Goingwimax.Com Demystifying Wi Max Public Key Infrastructure Pki For Operators And Device Vendors (20)

ElItecore’s EliteAAA enables BSNL Roll out WiMAX Services
ElItecore’s EliteAAA enables BSNL Roll out WiMAX ServicesElItecore’s EliteAAA enables BSNL Roll out WiMAX Services
ElItecore’s EliteAAA enables BSNL Roll out WiMAX Services
 
Bsnl wi maxcasestudy.pdf
Bsnl wi maxcasestudy.pdfBsnl wi maxcasestudy.pdf
Bsnl wi maxcasestudy.pdf
 
The Network Impact of 802.11ac White Paper
The Network Impact of 802.11ac White PaperThe Network Impact of 802.11ac White Paper
The Network Impact of 802.11ac White Paper
 
Goingwimax.Com Mobile Wi Max Is Rapidly Gaining World Wide Adoption
Goingwimax.Com Mobile Wi Max Is Rapidly Gaining World Wide AdoptionGoingwimax.Com Mobile Wi Max Is Rapidly Gaining World Wide Adoption
Goingwimax.Com Mobile Wi Max Is Rapidly Gaining World Wide Adoption
 
Resume
ResumeResume
Resume
 
Gigamon Pervasive Visibility into SDDC/NSX Deployments
Gigamon Pervasive Visibility into SDDC/NSX DeploymentsGigamon Pervasive Visibility into SDDC/NSX Deployments
Gigamon Pervasive Visibility into SDDC/NSX Deployments
 
Meraki Datasheet VPN
Meraki Datasheet VPNMeraki Datasheet VPN
Meraki Datasheet VPN
 
Service Provider Wi-Fi Networks: Scaling Signaling Transactions (White Paper)
Service Provider Wi-Fi Networks:  Scaling Signaling Transactions (White Paper)Service Provider Wi-Fi Networks:  Scaling Signaling Transactions (White Paper)
Service Provider Wi-Fi Networks: Scaling Signaling Transactions (White Paper)
 
Unified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAPUnified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAP
 
Liberty Technologies Mobile WiMax Deployment
Liberty Technologies Mobile WiMax DeploymentLiberty Technologies Mobile WiMax Deployment
Liberty Technologies Mobile WiMax Deployment
 
Wi fi technology
Wi fi technologyWi fi technology
Wi fi technology
 
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY  1NETWOR.docxRunning head NETWORK INFRASTRUCTURE AND SECURITY  1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
 
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY  1NETWOR.docxRunning head NETWORK INFRASTRUCTURE AND SECURITY  1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
 
A Unified Network for the Mobile Era
A Unified Network for the Mobile EraA Unified Network for the Mobile Era
A Unified Network for the Mobile Era
 
Senza Fili Leveraging802.16e Wi Max 091111
Senza Fili Leveraging802.16e Wi Max 091111Senza Fili Leveraging802.16e Wi Max 091111
Senza Fili Leveraging802.16e Wi Max 091111
 
Chapter1 rev1.0
Chapter1   rev1.0Chapter1   rev1.0
Chapter1 rev1.0
 
Igor lakhman net_res_v1
Igor lakhman net_res_v1Igor lakhman net_res_v1
Igor lakhman net_res_v1
 
Study Wireless Security Deployment - PKL
Study Wireless Security Deployment  - PKLStudy Wireless Security Deployment  - PKL
Study Wireless Security Deployment - PKL
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
 
Mohd Kareem CV July 26 2015
Mohd Kareem  CV July 26 2015Mohd Kareem  CV July 26 2015
Mohd Kareem CV July 26 2015
 

Goingwimax.Com Demystifying Wi Max Public Key Infrastructure Pki For Operators And Device Vendors

  • 1. Demystifying WiMAX Public Key Infrastructure (PKI) for Operators and Device Vendors http://w w w .goingw imax.com/demystifying-w imax-public-key-infrastructure-pki-for-operators-and-device-vendors-10395/ December 1, 2011 Sanjiv Gupta on May 3, 2010 | 2 comments Since the first historical mobile WiMAX network deployment by Clear over a year ago, there have been more than 600 WiMAX networks worldwide which have either commercially launched or have entered into a planning/pre-deployment stage. For new devices (WiMAX Forum Certified or other devices) entering a Greenfield network, or for new devices entering an existing live mobile WiMAX network, the network operator, the device manufacturer or both need to comply with the WiMAX Forum defined Public Key Infrastructure (PKI) requirements. The same mandate applies to existing fixed WiMAX (IEEE802.16- 2004 or 802.16d) network deployments worldwide that plan on upgrading to a mobile WiMAX (IEEE802.16e-2005 or 802.16e) network infrastructure. PKI utilizes X.509 digital certificates and their respective keys to correctly identify the devices and servers [AAA (Authentication, Authorization, and Accounting)], as well as to mutually authenticate within the mobile WiMAX network. The proper format and use of the X.509 certificates are described in the IETF RFC3280 document with the cryptographic algorithms located in the PKCS#1-PKCS#13 specifications (http://grouper.ieee.org/groups/1363/) devised and published at RSA Security. Verisign is the leading source for the Secure Sockets Layer (SSL) Certificate Authority (CA) as well as the sole entity for the processing of WiMAX Forum PKI certificate orders made by WiMAX operators. Essentially, the operator and the device manufacturer are each tasked with configuring their respective AAA servers or devices with the proper WiMAX Forum® server certificates and device certificates, respectively – to ensure a successful EAP-TLS mutual certificate exchange between the server and the device. The certificate requirements summarized below are specific for the case of client devices (netbooks, notebooks, etc.) containing the Intel® Centrino® Advanced-N + WiMAX 6250 PCI Express Mini Card that will be conversing with the server. The AAA server should contain
  • 2. six added files: the AAA Server Certificate bundled together with the WiMAX Forum Server Subordinate CA Certificate, the AAA specific Private Key, and the WiMAX Forum Device Root (CA) Certificates inside the “Trusted Store” (WiMAX Device Root (for Intel IT Flex), the WiMAX Device Root CA1 (for Verisign), and the WiMAX Device Root CA2 (for Motorola). The operator has to generate the AAA Private Key as part of the Certificate Signing Request Form (CSR), and the CSR (containing the AAA Private Key) has to be submitted to VeriSign. Upon processing the submission, VeriSign will provide the Scuba and the AAA Server Certificate to the operator. On the client side, the device has seven files added (burned into the Non-Volatile Memory (NVM) contained on Intel’s WiMAX PCI Express Mini Card solution): the Server Root Certificates (WiMAX Server Root (for Intel IT Flex), WiMAX Server Root CA1 (for VeriSign), WiMAX Server Root CA2 (for VeriSign), and the WiMAX Server Root CA3 (for VeriSign)), the Device specific Certificate bundled together with the WiMAX Forum Device Subordinate CA certificate, and the Device specific Private Key. Please keep in mind that the four distinct Server Root Certificates are used to accommodate most of the commonly used AAA servers used today. What is free and what needs to be purchased? The WiMAX Forum Server Root (CA) Certificate and the WiMAX Forum Device Root (CA) Certificate are free, whereas, the WiMAX Forum Server Subordinate CA Certificate, the Server Certificate, the Device Subordinate CA Certificate, and the Device Certificate all need to be purchased. Finally, with the PKI house-keeping completed, a mobile WiMAX device can now be deployed inside a mobile WiMAX network and begin the certificate exchange process with the AAA server. To put it simply, the process begins with the client device sending the Device Certificate and Device Subordinate CA Certificate (certificate chain) to the AAA server. The server then validates the Device Certificate using the Device Subordinate CA Certificate and the Device Root CA Certificate. Next, the AAA server sends the Server Certificate and Server Subordinate CA Certificate (Certificate chain) to the client device. It is now the client’s turn to validate the Server Certificate by using the Server Subordinate CA Certificate and the Server Root CA Certificate. Article by Sanjiv Gupta has written 10 articles for GoingWimax. Sanjiv S. Gupta is a Senior Technical Marketing Engineer at Intel Corp with focus on WiMAX enablement world wide – primarily in U.S., Latin America, India and the EU. He has been with Intel Corporation for twelve years and has been directly responsible for the marketing/integration of Intel’s graphics and wireless components into OEM PCs worldwide.