Mutual authentication can take place in one of the two modes of operation. In the first mode, only mutual authentication is used. In the other mode, mutual authentication is followed by EAP authentication. In this second mode, the mutual authentication is performed only for initial network entry and only EAP authentication is performed in the case that authentication is needed for re-entry. SS mutual authorization, controlled by the PKMv2 authorization state machine, is the process of:
1. The BS authenticating a client SS's identity.
2. The SS authenticating the BS's identity.
3. The BS providing the authenticated SS with an AK, from which a KEK and message authentication keys are derived.
4. The BS providing the authenticated SS with the identities (i.e., the SAIDs) and properties of primary and static SAs for which the SS is authorized to obtain keying information.
After achieving initial authorization, an SS should periodically seek reauthorization with the BS. This reauthorization is also managed by the SS's PKMv2 authorization state machine. An SS must maintain its authorization status with the BS to be able to refresh aging TEKs and GTEKs. TEK state machines manage the refreshing of TEKs. The SS or BS may run optional authenticated EAP messages for additional authentication.
The SS sends an authorization request message to its BS immediately after sending the authentication information message. This is a request for an AK, as well as for the SAIDs identifying any static security SAs that the SS is authorized to participate in. The authorization request includes:
§ A manufacturer-issued X.509 certificate.
§ A list of cryptographic suite identifiers, each indicating a particular pairing of packet data encryption and packet data authentication algorithms that the SS supports.
§ The SS's basic CID. The basic CID is the first static CID that the BS assigns to an SS during initial ranging—the primary SAID is equal to the basic CID.
§ A 64-bit random number generated in the SS.
In response to an authorization request message, a BS validates the requesting SS's identity, determines the encryption algorithm and protocol support it shares with the SS, activates an AK for the SS, encrypts it with the SS's public key, and sends it back to the SS in an authorization reply message. The authorization reply includes:
§ The BS's X.509 certificate.
§ A pre-PAK encrypted with the SS's public key.
§ A 4-bit PAK sequence number, used to distinguish between successive generations of AKs.
§ A PAK lifetime.
§ The identities (i.e., the SAIDs) and properties of the single primary and zero or more static SAs for which the SS is authorized to obtain keying information.
§ The 64-bit random number generated in the SS.
§ A 64-bit random number generated in the BS.
§ The RSA signature over all the other attributes in the auth-reply message by BS, used to assure that the authenticity of the earlier PKMv2 RSA-Reply messages.
An SS must periodically refresh its AK by reissuing an authorization request to the BS. Reauthorization is identical to authorization. To avoid service interruptions during reauthorization, successive generations of the SS's AKs have overlapping lifetimes. Both SS and BS must be able to support up to two simultaneously active AKs during these transition periods. The operation of the authorization state machine's authorization request scheduling algorithm, combined with the BS's regimen for updating and using a client SS's AKs, ensures that the SS can refresh TEK keying information without interruption.