3 CDPD security features, Airlink security, Authentication services – Sierra Wireless DART 200 CDPD Modem User Manual
PN1197-00 Revision 1.0
Chapter 3: CDPD Security Features
Airlink security
The Cellular Digital Packet Data (CDPD) network is a public wireless
data communications service vulnerable to casual eavesdropping. To
minimize this possibility, a data encryption mechanism is provided for
all non-broadcast communications between the Mobile Data Intermediate
System (MDIS) and the Mobile End System (M-ES).
If activated by the carrier, encryption services are implemented by the
MDIS. At registration time the Data Access Radio Transmitter (DART)
200 is told, during session negotiation, whether or not encryption is
being used. The M-ES has no choice and follows the lead of the MDIS in
using or not using encryption.
Authentication services
M-ES authentication is provided within the CDPD network to prevent
fraudulent use of the network. This mechanism is implemented by the
MDIS, as follows:
1. The MDIS validates the Authentication Data (credentials) presented
by the M-ES at registration time by comparing them against
information stored in the MDIS authentication table.
2. If the credentials are acceptable to the MDIS, they are updated, stored
back into the MDIS authentication table, and also sent back to the
M-ES for use when it next registers. Registration is denied if the
credentials presented by the M-ES do not match those stored for its
Network Entity Identifier (NEI) by the MDIS.
When an IP Address is first authorized for use by the carrier, or an IP
Address is loaded into a modem, the associated credentials are set to
zero. On each subsequent registration the credentials for the IP
Address are updated as described in steps 1 and 2 above.
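The following model of steps 1 and 2 is an added example, not taken from the manual or from Sierra Wireless code. It shows the credentials rolling forward on each registration, so a device holding an out-of-date copy is denied. The class names, the opaque 8-byte credential value, the random update rule and the sample address are assumptions made for illustration.

```python
import hmac
import secrets

ZERO = bytes(8)  # assumption: credentials modelled as an opaque 8-byte value


class MDIS:
    """Toy MDIS holding one credential entry per NEI (the authentication table)."""

    def __init__(self):
        self.auth_table = {}

    def authorize(self, nei):
        # Carrier first authorizes the IP address: credentials start at zero.
        self.auth_table[nei] = ZERO

    def register(self, nei, presented):
        stored = self.auth_table.get(nei)
        # Step 1: compare the presented credentials with the table entry.
        if stored is None or not hmac.compare_digest(stored, presented):
            return None  # registration denied
        # Step 2: update, store back, and return for the next registration.
        # Assumption: the update is modelled as a fresh random value.
        fresh = secrets.token_bytes(len(ZERO))
        self.auth_table[nei] = fresh
        return fresh


class Modem:
    """Toy M-ES that remembers the credentials it was last sent."""

    def __init__(self, nei, credentials=ZERO):
        self.nei, self.credentials = nei, credentials

    def register(self, mdis):
        fresh = mdis.register(self.nei, self.credentials)
        if fresh is None:
            return False
        self.credentials = fresh
        return True


def demo():
    mdis, nei = MDIS(), "192.0.2.10"  # constructed sample address
    mdis.authorize(nei)
    modem = Modem(nei)
    first = modem.register(mdis)          # zero credentials accepted
    copy = Modem(nei, modem.credentials)  # second device holding a copy
    second = modem.register(mdis)         # credentials roll forward
    stale = copy.register(mdis)           # copy is now out of date: denied
    return first, second, stale
```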