DOCSIS Baseline Privacy (BPI) provides data privacy across the hybrid fiber-coaxial (HFC) network by encrypting traffic flows between the modem and the cable operator's Cable Modem Termination System (CMTS).
BPI security services are a set of extended services within the DOCSIS MAC sublayer. Two new MAC management message types, BPKM-REQ and BPKM-RSP, are employed to support the Baseline Privacy Key Management (BPKM) protocol.
The BPKM protocol does not use authentication mechanisms such as passwords or digital signatures; it provides basic protection of service by ensuring that a modem, uniquely identified by its 48-bit IEEE MAC address, can only obtain keying material for services it is authorized to access.
The Cisco uBR924 cable modem is able to obtain two types of keys from the CMTS:
Traffic Exchange Key (TEK), used to encrypt and decrypt data packets
Key Exchange Key (KEK), used to decrypt the TEK
For more information on this feature, refer to the DOCSIS Baseline Privacy Interface Specification (SP-BPI-I01-970922).
The following information is entered by the user to specify retransmission intervals and grace periods for the various wait states (authorize, operational, rekey, and authorization reject).
Specifies the retransmission interval (in seconds) of Authorization Request messages from the Authorize Wait state. (Valid range is 2 to 30 seconds.)
Example: 10 (seconds)---This is the default value.
Specifies the retransmission interval (in seconds) of Authorization Request messages from the Authorize Wait state. (Valid range is 2 to 30 seconds.)
Example: 10 (seconds)---This is the default value.
Specifies the grace period for reauthorization (in seconds). (Valid range is 1 to 1800 seconds.)
Example: 600 (seconds)---This is the default value.
Specifies the retransmission interval (in seconds) of Key Requests from the Operational Wait state. (Valid range is 1 to 10 seconds.)
Example: 1 (second)---This is the default value.
Specifies the retransmission interval (in seconds) of Key Requests from the Rekey Wait state. (Valid range is 1 to 10 seconds.)
Example: 1 (second)---This is the default value.
Specifies the grace period for rekeying (in seconds). (Valid range is 1 to 1800 seconds.)
Example: 600 (seconds)---This is the default value.
Specifies how long (in seconds) a modem waits in the Authorize Reject Wait state after receiving an Authorization Reject. (Valid range is 60 to 1800 seconds.)
Example: 60 (seconds)---This is the default value.