Architecture, detailed Protocols and Procedures: WiMAX Over-The-Air General Provisioning System Specification
WMF-T33-103-R015v02
WiMAX Forum Approved (2009-11-21)
WiMAX FORUM PROPRIETARY AND CONFIDENTIAL. SUBJECT TO CHANGE WITHOUT NOTICE.
Copyright 2007-2009 WiMAX Forum. All rights reserved.

The WiMAX Forum owns the copyright in this document and reserves all rights herein. This document is available for download from the WiMAX Forum and may be duplicated for internal use, provided that all copies contain all proprietary notices and disclaimers included herein. Except for the foregoing, this document may not be duplicated, in whole or in part, or distributed without the express written authorization of the WiMAX Forum.

Use of this document is subject to the disclaimers and limitations described below. Use of this document constitutes acceptance of the following terms and conditions:

THIS DOCUMENT IS PROVIDED "AS IS" AND WITHOUT WARRANTY OF ANY KIND. TO THE GREATEST EXTENT PERMITTED BY LAW, THE WiMAX FORUM DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF TITLE, NONINFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE WiMAX FORUM DOES NOT WARRANT THAT THIS DOCUMENT IS COMPLETE OR WITHOUT ERROR AND DISCLAIMS ANY WARRANTIES TO THE CONTRARY.

Any products or services provided using technology described in or implemented in connection with this document may be subject to various regulatory controls under the laws and regulations of various governments worldwide. The user is solely responsible for the compliance of its products and/or services with any such laws and regulations and for obtaining any and all required authorizations, permits, or licenses for its products and/or services as a result of such regulations within the applicable jurisdiction.

NOTHING IN THIS DOCUMENT CREATES ANY WARRANTIES WHATSOEVER REGARDING THE APPLICABILITY OR NON-APPLICABILITY OF ANY SUCH LAWS OR REGULATIONS OR THE SUITABILITY OR NON-SUITABILITY OF ANY SUCH PRODUCT OR SERVICE FOR USE IN ANY JURISDICTION.

NOTHING IN THIS DOCUMENT CREATES ANY WARRANTIES WHATSOEVER REGARDING THE SUITABILITY OR NON-SUITABILITY OF A PRODUCT OR A SERVICE FOR CERTIFICATION UNDER ANY CERTIFICATION PROGRAM OF THE WiMAX FORUM OR ANY THIRD PARTY.

The WiMAX Forum has not investigated or made an independent determination regarding title or noninfringement of any technologies that may be incorporated, described or referenced in this document. Use of this document or implementation of any technologies described or referenced herein may therefore infringe undisclosed third-party patent rights or other intellectual property rights. The user is solely responsible for making all assessments relating to title and noninfringement of any technology, standard, or specification referenced in this document and for obtaining appropriate authorization to use such technologies, standards, and specifications, including through the payment of any required license fees.

NOTHING IN THIS DOCUMENT CREATES ANY WARRANTIES OF TITLE OR NONINFRINGEMENT WITH RESPECT TO ANY TECHNOLOGIES, STANDARDS OR SPECIFICATIONS REFERENCED OR INCORPORATED INTO THIS DOCUMENT.

IN NO EVENT SHALL THE WiMAX FORUM OR ANY MEMBER BE LIABLE TO THE USER OR TO A THIRD PARTY FOR ANY CLAIM ARISING FROM OR RELATING TO THE USE OF THIS DOCUMENT, INCLUDING, WITHOUT LIMITATION, A CLAIM THAT SUCH USE INFRINGES A THIRD PARTY'S INTELLECTUAL PROPERTY RIGHTS OR THAT IT FAILS TO COMPLY WITH APPLICABLE LAWS OR REGULATIONS. BY USE OF THIS DOCUMENT, THE USER WAIVES ANY SUCH CLAIM AGAINST THE WiMAX FORUM AND ITS MEMBERS RELATING TO THE USE OF THIS DOCUMENT.

The WiMAX Forum reserves the right to modify or amend this document without notice and in its sole discretion. The user is solely responsible for determining whether this document has been superseded by a later version or a different document.
WiMAX Forum Network Architecture, OTA General
TABLE OF CONTENTS

1 Revision History
2 Document Scope
3 Abbreviations and Definitions
  3.1 Abbreviations
  3.2 Terms & Definitions
  3.3 Conventions
4 References
5 Use Cases
6 OTA Provisioning Network Reference Model
  6.1 Functional description
    6.1.1 Provisioning Server
    6.1.2 Provisioning Client
  6.2 Bootstrap Message Format and Encoding
7 WiMAX General Over-the-Air Provisioning and Activation Overview
  7.1 Overview
8 WiMAX Initial Bootstrap Procedure Overview
9 Requirements
  9.1 General Requirements
    9.1.1 Model B (Retail Model) WiMAX Devices and Their Management
  9.2 Device Requirements
  9.3 Provisioning Server Requirements
  9.4 ASN-GW Requirements
  9.5 AAA Requirements
  9.6 Hotline Feature Requirements
  9.7 WIB Procedure Requirements
    9.7.1 Bootstrap Message Encoding
10 Security Considerations
  10.1 WiMAX Bootstrap Security
    10.1.1 Bootstrap Encryption Key
    10.1.2 Bootstrap Information Protection
Appendix A. Service Modes
LIST OF FIGURES

Figure 1: Provisioning & Activation Architecture Overview
Figure 2: Provisioning & Activation Phases
Figure 3: WIB Procedure

LIST OF TABLES

Table 1: Model B Device DM Requirement
Table 2: Values of Protocol
Table 3: Bootstrap Message Encoding
Table 4: Encoding of Nonce TLV
Table 5: Encoding of Ciphertext TLV
Table 6: Nonce Construction (13 octets)
Table 7: Initial CCM Block B0
Table 8: Counter Block Ctr_j
Table 9: Service Mode AVPs for WiMAX Decoration
1 Revision History

Revision   Date   Description
V01               Initial version of Release 1.5.
V02               Implementation of CRs 1003 and 1006.
2 Document Scope

Many different device types will be enabled by WiMAX technologies, such as notebooks, ultra mobile devices (UMD), handsets, and consumer electronics. A WiMAX service provider would require a dynamic over-the-air provisioning solution to configure, activate, enable subscription for, and manage these device types.

This document specifies Stage 2 and Stage 3 for general over-the-air provisioning and activation procedures in WiMAX.
3 Abbreviations and Definitions

3.1 Abbreviations

AAA: Authentication, Authorization and Accounting
ACL: Access Control List
AES: Advanced Encryption Standard
ASN: Access Service Network
ASN-GW: Access Service Network Gateway
ATA: Analog Telephone Adapter
BEK: Bootstrap Encryption Key
BS: Base Station
BW: Bandwidth
CAPL: Contractual Agreement Preference List
CA: Certificate Authority
CCM: Counter with CBC-MAC
CE: Consumer Electronics
CMIP: Client Mobile IP
CPE: Customer Premises Equipment
CRL: Certificate Revocation List
CSC: Customer Service Center
CSN: Connectivity Service Network
DB: Database
DDF: Device Description Framework
DHCP: Dynamic Host Configuration Protocol
DM: Device Management
DNS: Domain Name System
DPI: Deep Packet Inspection
DTD: Document Type Definition
EAP: Extensible Authentication Protocol
EAP-TLS: EAP Transport Layer Security
EAP-TTLS: EAP Tunneled Transport Layer Security
EMSK: Extended Master Session Key
FFT: Fast Fourier Transform
FUMO: Firmware Update Management Object
GUID: Globally Unique Identifier
GW: Gateway
H-AAA: Home Authentication, Authorization and Accounting
HA: Home Agent
HTTP: Hypertext Transfer Protocol
HNSP: Home Network Service Provider
HNSP-ID: Home Network Service Provider Identifier
IMSI: International Mobile Subscriber Identity
IP: Internet Protocol
IPv4: Internet Protocol Version 4
IPv6: Internet Protocol Version 6
ISF: Initial Service Flow
LDAP: Lightweight Directory Access Protocol
LSB: Least Significant Bit/Byte
MAC: Message Authentication Code
MAC: Medium Access Control
MIP: Mobile IP
MO: Management Object
MS: Mobile Station (also referred to as device in this document)
MSB: Most Significant Bit/Byte
MSID: Mobile Station Identifier
NAI: Network Access Identifier
NAP: Network Access Provider
NAP-ID: Network Access Provider Identifier
NAP-MO: Network Access Point Management Object
NAT: Network Address Translation
ND&S: Network Discovery & Selection
NSP: Network Service Provider
NSP-ID: Network Service Provider Identifier
NWG: Network Working Group
OAM&P: Operation, Administration, Maintenance, and Provisioning
OMA DM: Open Mobile Alliance Device Management
OTA: Over The Air
PC: Personal Computer
PKI: Public Key Infrastructure
PMP: Portable Media Player
PMIP: Proxy Mobile IP
POA: Point of Activation
POM: Point of Manufacturing
POS: Point of Sale
RADIUS: Remote Authentication Dial-In User Service
RAPL: Roaming Agreement Preference List
RDF: Resource Description Framework
SKU: Stock Keeping Unit
SPI: Security Parameter Index
STB: Set Top Box
TLV: Type Length Value
UDP: User Datagram Protocol
UMD: Ultra Mobile Device
URI: Uniform Resource Identifier
URL: Uniform Resource Locator
VNSP: Visited Network Service Provider
VNSP-ID: Visited Network Service Provider Identifier
WIB: WiMAX Initial Bootstrap
WiMAX: Worldwide Interoperability for Microwave Access
XML: Extensible Markup Language
3.2 Terms & Definitions

The following terms & definitions are applicable to both the OMA DM [OTAOMADM] and TR-069 [OTATR069] based WiMAX OTA Provisioning & Activation Specifications.

Activation Provisioning: The process where a device that is not provisioned for a user account currently associated with an active subscription with a service provider is updated with data, parameters, and/or applications, typically for the first time, associating the device with an account (paying customer) and supplying service to the device.

Activation/Provisioning Points:
o POM: Point of manufacturing, where at least initial information MUST be provisioned.
o POS: Point of sale, where activation and provisioning information MAY be added (depends on whether the POS is cooperating with the operator or not).
o POA: Point of activation, where all needed information is provisioned and Device Lock MAY be activated (in some scenarios the POS is the POA and in others the POA is OTA).
Certificate Authority (CA): An entity entrusted to issue Certificates that assert that the recipient individual, computer, or organization requesting the Certificate fulfills the conditions of an established policy.

Certificate Revocation List (CRL): A document maintained and published by a CA that lists Certificates issued by the CA that are no longer valid.

Channel Plan: A Channel Plan is used by the device to speed up the NAP discovery process. It contains physical information such as channel bandwidth, center frequency, and PHY profile.

Continuous Provisioning: The process where a device that is already provisioned with a user account associated with an active subscription with a service provider is updated with new data, parameters, and/or applications that MAY replace pre-existing values or versions. The Continuous Provisioning process is based on the definition in [DMRD] and includes the configuration maintenance/management use case described in the same specification.

Contractual Agreement Preference List (CAPL): A list consisting of Network Access Providers preferred to be connected to the home network directly.

Customer Service Center (CSC): An entity in a wireless carrier's network that receives service requests from the end users and acts on such requests.

Device Lock: Blocking the WiMAX host device from getting activated on new operators and enforcing the device to work only with the operator to which it is locked, as a HNSP.

Device Management (DM): Process of remotely managing device settings and applications. DM provides a mechanism for the users to easily subscribe to new services and make changes to their existing services. For the operators this enables a fast and easy way to introduce new services and manage provisioned services, by dynamically adjusting to changes and ensuring a certain level of quality of service.

Device Management System: A background system capable of interacting with a (set of) Device(s) for the purpose of Device Management.

Device Profile: Settings that establish the configuration of a particular device, including network settings, applications, etc.

Device Unlock: Process of allowing the device to get activated on other Service Providers' networks.

Host Device: Refers to a standalone device or a sub-module in which the WiMAX modem (chipset) is embedded. This is the device that is to be managed as this specification defines, associated with a MAC ID, and SHOULD appear in the DevInfo and DevDetail MOs. Examples of host devices are: 1) Removable Modem (e.g., PC Card, USB Modem, etc.) with embedded WiMAX chipset; 2) WiMAX sub-module physically attached to a WiMAX CPE Gateway; 3) WiMAX sub-module temporarily or permanently built into a laptop; 4) WiMAX-enabled consumer electronics (e.g., Digital Camera, PMP, etc.) that have the embedded WiMAX chipset.

Management Object: A data model for information, e.g., a configuration parameter, an image, or a file, which is a logical part of the interfaces exposed by DM components and managed through the use of OAM&P.

Model A: Operator/service provider subsidized device, similar to the current cellular, cable modem, or DSL services provisioning models. A different SKU is provided for each device at POM to connect to one WiMAX network or group of WiMAX networks. Model A MAY support self-subscription OTA or via a web portal.

Model B: Generic SKU retail devices. SHALL support over-the-air self-subscription and provisioning.

Model B1: Non-operator/service provider subsidized device.

Model B2: Operator/service provider subsidized device. The device contains operator/service provider specific configuration.

Multimode Device: Device supporting two or more wireless access technologies.

NAP-Based Channel Plan: A Channel Plan which is a subset of the Root Channel Plan and is associated with a NAP.

OMA DM: Refers to the set of specifications developed by the Open Mobile Alliance for DM.

Prior Connect Info: Specified in [NWGSTG3].
Provisioning Server: Refers to a server that communicates with the device using the provisioning protocol in the provisioning process.

Roaming Agreement Preference List (RAPL): A list delivered to the device consisting of Network Service Providers preferred to be connected to when roaming.

Root Channel Plan: A Channel Plan which contains all Channel Plan Entries.

Smart Card: A smart card (or chip card, or integrated circuit card) is a miniaturized electronic card with embedded integrated circuits which can process information. This implies that it can receive input from a trusted source, process the information in a standardized manner and deliver processed information as an output to the trusted entities it interacts with. There are two broad categories of smart cards. The first category is memory cards (or flash memory cards) used in handheld devices, digital cameras, laptops, etc., containing only non-volatile memory storage components, and perhaps some specific security logic. The second category is microprocessor cards that contain volatile memory and microprocessor components.

Service Credential: Credential used to allow the user to access the carrier services.

Terminal Equipment: Refers to the device in which the host device is temporarily (through a PC card slot, USB port, etc.) or permanently (for example, an embedded laptop) inserted to get WiMAX connectivity. Examples of terminal equipment are: 1) PC which has a PC card slot for peripheral devices, and a PC Card (host device) is inserted in the PC to get WiMAX connectivity; 2) WiMAX CPE Gateway which has a WiMAX sub-module; 3) Embedded laptop which has a WiMAX sub-module permanently built in; 4) Consumer electronics that have a WiMAX sub-module.

User Profile: The User Profile is a collection of components (personal data, preferences/policies on services, networks and devices, etc.) that indicate the preferences and current configuration of a user's account. User profiles enable several users to use the same device with their own setup. The User Profile is tightly coupled with the user's identity and vice versa.

WiMAX Radio Module: Refers to the WiMAX radio chipset and subsystem present in the host device that enables WiMAX radio connectivity for the host device.

WiMAX CPE Gateway: Network equipment through which a subscriber can connect one or more PCs, laptops, or other networked devices (e.g., STB) via one or more LAN ports (e.g., Ethernet, Gigabit Ethernet, WiFi, Cable Connection). The WiMAX CPE Gateway provides services, such as voice and multimedia content, via a WiMAX Network. It MAY include an analog telephone adapter (ATA), and can support connectivity to an analogue telephone or an external analog Terminal Adapter. A WiMAX CPE Gateway conforms to the NWG mobility specification [NWGSTG3] and IEEE 802.16e-2005. A WiMAX CPE Gateway MAY also function as a layer 2 bridge or layer 3 router. It MAY support other IP stack functions like NAT (P/T), DNS/DHCP, secure pass-through, NAT Traversal, firewalling, parental control/DPI, security features, OAM features, and/or network diagnostics agents.

X.509: Digital Certificate Definition X.509 [RFC3280].
3.3 Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
4 References

[DMRD] OMA Device Management Requirements Document, Version 1.2, Open Mobile Alliance, OMA-RD-DM-V1_2. URL: http://www.openmobilealliance.org
[ERELDDM] "Enabler Release Definition for OMA Device Management, v1.2," Open Mobile Alliance, OMA-ERELD-DM-V1_2. URL: http://www.openmobilealliance.org
DSL Forum TR-069, CPE WAN Management Protocol, May 2004, and Amendment 1, November 2006. URL: http://www.dslforum.org
NIST Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, May 2004.
[NWGSTG3] WiMAX Forum, T33-001-R015v01, "Detailed Protocols and Procedures, Base Specification", Release 1.5.
[OTAOMADM] WiMAX Forum, T33-104-R015v04, "Architecture, detailed Protocols and Procedures, WiMAX Over-The-Air Provisioning & Activation Protocol based on OMA DM Specifications", Release 1.5.
[OTATR069] WiMAX Forum, T33-105-R015v01, "Architecture, detailed Protocols and Procedures, Over-The-Air Provisioning & Activation Protocol based on TR-069 Specification", Release 1.5.
[RFC2119] Key words for use in RFCs to Indicate Requirement Levels, S. Bradner, March 1997. http://www.ietf.org/rfc/rfc2119.txt
The TLS Protocol Version 1.0, T. Dierks, C. Allen, January 1999. http://www.ietf.org/rfc/rfc2246.txt
Hypertext Transfer Protocol HTTP/1.1, R. Fielding et al., June 1999. http://www.ietf.org/rfc/rfc2616.txt
HTTP Over TLS, E. Rescorla, May 2000. http://www.ietf.org/rfc/rfc2818.txt
"A DNS RR for specifying the location of services (DNS SRV)", A. Gulbrandsen, P. Vixie, L. Esibov, February 2000. http://www.ietf.org/rfc/rfc2782.txt
Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS), P. Chown, June 2002. http://www.ietf.org/rfc/rfc3268.txt
[RFC3280] Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, R. Housley et al., April 2002. http://www.ietf.org/rfc/rfc3280.txt
The Network Access Identifier, B. Aboba, M. Beadles, J. Arkko, P. Eronen, December 2005. http://www.ietf.org/rfc/rfc4282.txt
5 Use Cases

The use cases for OTA activation provisioning of generic SKU retail Model B1 devices are:

Note: Smart Card support is out of scope of this specification.

1) Out-of-band subscription establishment: The user establishes a temporary, new permanent, or previously cancelled/expired subscription with a service provider without the use of a network connection from the device to be provisioned (e.g., receiving updated configuration, network ID lists and authentication information, as required, via a secure web portal). Then, to activate the device, either the service provider triggers a network-initiated provisioning session or the device triggers a client-initiated provisioning session when the device attaches to the network.

2) In-band subscription establishment: The user establishes a temporary, new permanent, or previously cancelled/expired subscription with a service provider through the use of a network connection from the device to be provisioned, which then either triggers a network-initiated provisioning session or the device triggers a client-initiated provisioning session while the device is attached to the network.

3) The subscribed user either adds (temporarily or permanently) a new device to the active user subscription account or modifies the user subscription to replace an actively subscribed device with a different device, either through in-band or out-of-band subscription establishment methods. After that, the newly subscribed device is activated through the use of a network-initiated or client-initiated provisioning session while the newly subscribed device is attached to the network.

The use cases for OTA activation provisioning of partially provisioned Service Provider subsidized Model A and B2 type devices are:

4) The device has been partially provisioned with data specific to a given service provider X before it is acquired by the user. The device can only be provisioned for service with service provider X. OTA provisioning completes the configuration of the device.
   a. User subscription is performed out-of-band and the device is activated over the air in service provider X's network as in use case 1.
   b. User subscription is performed in-band in service provider X's network and the device is activated over the air in service provider X's network as in use case 2.
   c. A user subscription with service provider X already exists. The user subscription is modified in-band or out-of-band. The subscribed user either adds (temporarily or permanently) a new device to the active user subscription account or modifies the user subscription to replace an actively subscribed device as in use case 3.

The use cases for OTA continuous provisioning for Model A and Model B type devices are:

5) When the device is attached to the network, the service provider triggers a network-initiated update to the configuration information stored in the device (e.g., user subscription data, ND&S configuration information, a change of the device lock/unlock state, etc.) when the service provider determines it is needed to update or change the behavior of the device.

6) When the device is attached to the network, the user or support personnel triggers a client-initiated update to the configuration information stored in the device (e.g., user subscription data, ND&S configuration information, a change of the device lock/unlock state, etc.) when it is determined that improvements in the device behavior are needed.

The use cases for OTA re-provisioning for Model A and Model B type devices are:

7) A subscribed and activated device is attached to the network; the device uses the device authentication and the initial provisioning and activation decoration because it wishes to be fully re-provisioned by the server. The network performs the full initial provisioning and activation flow with the device as if it were an initial activation with out-of-band (OOB) subscription.

The use case for OTA deferred provisioning for Model B type devices is:
8) The user establishes a subscription with a service provider. The subscription is obtained out-of-band or in-band. After subscription, the device is considered activated by the NW, but the NW does not have the ability to initially provision the MS with any parameter, hence the device is not aware of the activation. However, the non-activation-aware device is still capable of completing network entry as an unprovisioned device and receiving some level of service. At a later date, once the network deploys a DM server, it can perform initial provisioning of the device during the next network entry.

The use cases for OTA activation provisioning based on a smart card are:

1) A smart card is inserted into the device for the first time. The smart card contains information that provides contact information for the provisioning server in the Service Provider network as well as a set of shared secrets with the provisioning server to define a trust relationship. The smart card allows the device to connect to a correct network and get provisioned. It can be used by all device type models (A and B).

2) A smart card is inserted into a used device that might contain erroneous provisioning parameters from a previous configuration. The device will use the information in the smart card to obtain a proper set of parameters and then gets provisioned using these parameters.
6 OTA Provisioning Network Reference Model

The OTA Provisioning architecture is based on the WiMAX Release 1 Network Reference Model.
6.1 Functional description

6.1.1 Provisioning Server
6.2 Bootstrap Message Format and Encoding

The OMA DM Bootstrap specification [DMBOOT] defines two formats for the inner content of the bootstrap message, called bootstrap profiles.

o OMA Client Provisioning: This profile specifies the alignment of two existing enablers, OMA Client Provisioning [ERELDCP] and OMA Device Management [ERELDDM]. The profile defines how the information provisioned using OMA Client Provisioning can be transferred to the management tree specified in OMA Device Management.
o OMA Device Management: This profile defines how OMA Device Management [ERELDDM]can be used for bootstrapping.

WiMAX devices MUST support the OMA Device Management profile for the bootstrap message. This means the UDP payload of the bootstrap message MUST be formatted in accordance with [ERELDDM], and then encrypted as described in the Security Considerations section of [OTAGEN].

Support for OMA Client Provisioning over WiMAX is not prohibited, but is not recommended either.

The encrypted bootstrap message and the nonce value SHALL be transmitted to the client in a TLV-encoded message as described in the Bootstrap Message Encoding section of the OTA General Specification [OTAGEN].
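The following Go program is an added illustration, not code from this specification or from any WiMAX Forum implementation. It encrypts and authenticates a bootstrap payload with AES-CCM built directly from the AES block cipher as NIST SP 800-38C describes it, using a 13-octet nonce (the size the spec's nonce table uses), and shows the layout of the initial block B0 and of the counter blocks Ctr_j together with the device-side check that rejects a tampered message before any plaintext is used. The tag length of 8 octets, the absence of associated data, and the sample BEK, nonce and payload are assumptions made here; the TLV framing of nonce and ciphertext (section 9.7.1) and the spec's nonce construction are not reproduced. Whatever supplies the 13 octets, a nonce must never repeat under the same BEK: CCM, like every CTR-based mode, loses both confidentiality and integrity on nonce reuse.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// CCM per NIST SP 800-38C with L = 2 length octets, hence a 15-L = 13-octet nonce.
// Tag length M = 8 and "no associated data" are assumptions for this example.
const ccmL, ccmN, ccmM = 2, 13, 8

// ccmBlock returns B0 = flags||N||Q when j < 0 (Q = payload length), else Ctr_j = flags||N||j.
func ccmBlock(nonce []byte, j, q int) []byte {
	b := make([]byte, 16)
	b[0] = byte(ccmL - 1) // Adata bit stays 0; M is encoded only in B0
	copy(b[1:1+ccmN], nonce)
	if j < 0 {
		b[0] |= byte((ccmM-2)/2) << 3
		j = q
	}
	binary.BigEndian.PutUint16(b[14:], uint16(j))
	return b
}

// ccm applies CTR to in and CBC-MAC to the plaintext (in when sealing, out
// when opening); it returns out and the masked tag T xor S_0.
func ccm(blk cipher.Block, nonce, in []byte, opening bool) (out, tag []byte) {
	out = make([]byte, len(in))
	s0 := ccmBlock(nonce, 0, 0)
	blk.Encrypt(s0, s0)
	for i := 0; i < len(in); i += 16 {
		s := ccmBlock(nonce, i/16+1, 0)
		blk.Encrypt(s, s)
		for k := 0; k < 16 && i+k < len(in); k++ {
			out[i+k] = in[i+k] ^ s[k]
		}
	}
	plain := in
	if opening {
		plain = out
	}
	x := ccmBlock(nonce, -1, len(plain))
	blk.Encrypt(x, x)
	for i := 0; i < len(plain); i += 16 {
		for k := 0; k < 16 && i+k < len(plain); k++ {
			x[k] ^= plain[i+k] // the final block is zero-padded implicitly
		}
		blk.Encrypt(x, x)
	}
	for i := 0; i < ccmM; i++ {
		x[i] ^= s0[i]
	}
	return out, x[:ccmM]
}

func newBlock(bek, nonce []byte, q int) (cipher.Block, error) {
	if len(nonce) != ccmN || q < 0 || q > 0xFFFF {
		return nil, errors.New("nonce must be 13 octets and payload at most 65535 octets")
	}
	return aes.NewCipher(bek)
}

// SealBootstrap (server side) returns ciphertext || tag for the DM payload.
func SealBootstrap(bek, nonce, dmPayload []byte) ([]byte, error) {
	blk, err := newBlock(bek, nonce, len(dmPayload))
	if err != nil {
		return nil, err
	}
	ct, tag := ccm(blk, nonce, dmPayload, false)
	return append(ct, tag...), nil
}

// OpenBootstrap (device side) verifies the tag before releasing any plaintext.
func OpenBootstrap(bek, nonce, ct []byte) ([]byte, error) {
	n := len(ct) - ccmM
	blk, err := newBlock(bek, nonce, n)
	if err != nil {
		return nil, err
	}
	plain, tag := ccm(blk, nonce, ct[:n], true)
	if subtle.ConstantTimeCompare(tag, ct[n:]) != 1 {
		return nil, errors.New("bootstrap message authentication failed")
	}
	return plain, nil
}

func main() {
	bek := []byte("0123456789abcdef") // constructed 128-bit BEK, not a real key
	nonce := []byte("0123456789abc")  // constructed 13-octet nonce
	ct, _ := SealBootstrap(bek, nonce, []byte("constructed OMA DM bootstrap payload"))
	ct[len(ct)-1] ^= 0x80 // flip one tag bit: the device must reject the message
	_, err := OpenBootstrap(bek, nonce, ct)
	fmt.Println("tampered bootstrap rejected:", err != nil)
}
```

Because the payload length Q is bound into B0, a truncated or extended ciphertext fails authentication just as a modified one does, and the constant-time tag comparison avoids telling an attacker which tag byte was wrong. The device-side function returns an error and no plaintext on failure; an implementation that decrypts first and checks later hands an attacker a decryption oracle.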
7 WiMAX General Over-the-Air Provisioning and Activation Overview

7.1 Overview

Figure 2 illustrates the overview of the activation & provisioning procedure. This procedure consists of the following three phases:
1) Pre-Provisioning.
2) Subscription and Provisioning.
3) Post-Provisioning.

Figure 2 covers the following use cases:
1) The user has an established business relationship (existing subscription) with the service provider. Provisioning an unprovisioned device when the device is attached to the network.
2) The user establishes a business relationship with the service provider while attached to the network with an unprovisioned device, and the device receives provisioning data.
3) The subscribed user either adds a new device to the user subscription account or replaces an existing device with a new device.
4) The service provider updates the information stored in an already activated device (e.g., user subscription data, etc.) when it is needed (i.e., continuous provisioning). Refer back to section 5 for a detailed description of these use cases.
5) The user has an established business relationship with the service provider, and the device lost its provisioned data. Re-provisioning an already provisioned device (according to server information) when the device is attached to the network.

Working Assumptions:
1) One or more specific provisioning protocol clients are installed in the device.
2) The default subscriber policy and hotline rules are installed at the H-AAA by the network service provider. The procedure for installing these rules is outside the scope of this specification.
3) The hotline function is RECOMMENDED.
[Figure 2: Provisioning & Activation Phases]

The Model A, B1, and B2 devices SHALL perform all of these phases. There MAY be a slight variation within each phase for each device model or use case. The detailed procedure is specified in the following sections and in the [OTAOMADM] or the [OTATR069] specification. The following paragraphs describe some of the main procedures within each of the phases.

Pre-Provisioning Phase (Steps 1-10):

1. The device performs channel acquisition and ranging.
2. The device detects one or more available WiMAX NAPs and discovers available NSPs associated with one or more NAPs.
3. The device discovers available NSPs associated with one or more NAPs and identifies an NSP based on some preference criteria (if available).
4. The device identifies accessible NSPs and selects a NAP and an NSP based on some preference criteria (if available). Or, the user performs NSP manual selection.
5. The device performs the Network entry procedures with a special decorated NAI for entering the provisioning mode. The Network entry procedures SHALL be based on [NWGSTG3].
6. The NSP MAY decide to authorize limited access to the device for the purpose of creating a business relationship with the user. The limited access is controlled by using the Hotline procedure [NWGSTG3], where the H-AAA will notify the ASN-GW that the device is to be hotlined, via the ISF authorization, i.e., Access-Accept.
7. The H-AAA MAY activate hotlining if so decided by the Network Service Provider. If the Network Service Provider has decided that unprovisioned devices have to be put in the hotlined state, the hotlining can be activated either in the ASN-GW or in the HA (it depends on the ASN-GW and the HA capabilities). The H-AAA provides the hotline attributes. In the example, the hotline attributes are provided to the ASN-GW. The hotlining MAY be as simple as blocking all IP traffic between the device and other hosts; for the details of the hotlining rule, see section 9.6 (Hotline Feature Requirements).
8. The device performs the DHCP procedure to obtain a point of attachment address. Based on the ISF data, the ASN-GW initiates the data path setup with a proper classifier installed.
9. The ASN-GW sends accounting start information to the H-AAA.
10. Upon receiving the accounting start information, the H-AAA informs the provisioning server of the device status.

Subscription and Provisioning Phase (Steps 11-15):

The actual order of these steps MAY vary depending on the implementation of the subscription portal subsystem and the device model. During the entire Subscription and Activation phase the subscription portal should be used as the means to interact with the user and deliver messages to him (such as "activation in process", "your device was successfully activated", etc.).

The key steps in this phase are the following:

11. The bootstrap procedure is performed. According to the device type, one of the following two steps or both are performed.
   a. The device and the provisioning server perform a WIB procedure. The WIB procedure is a method to allow the client to advertise the DM OTA protocol(s) it supports, the network to select the DM OTA protocol to be used, and to deliver DM OTA protocol specific bootstrap information. This is an optional step for some types of devices.
   b. The device and the provisioning server perform a Bootstrapping & Device capabilities procedure. The Bootstrapping procedure is a method for the provisioning server to deliver the bootstrap information to the device. The bootstrap information MAY contain the provisioning server contact information and credentials. The bootstrapping procedure MAY be part of the WIB procedure. The device capabilities information MAY be delivered to the provisioning server through a DM session following the bootstrapping procedure.
12. The provisioning server MAY subscribe to the device status at the H-AAA server if necessary. Then, if the status of the device changes, the H-AAA server sends a notification message to the provisioning server.
   A. The device capabilities information is delivered to the subscription portal.
13. The user creates a business relationship enabling access via the selected NSP to the subscription portal. Based on the user input and device capabilities, the subscription portal creates a user account.
   B. The user account information is delivered to a database where the H-AAA and the provisioning server have access to the information.
14. The user account information is stored in the database.
   C. The subscription portal requests the provisioning server to initiate the provisioning process.
15. A management session is established between the provisioning client and the server to deliver the provisioning data. The provisioning procedure is a method for the device to acquire and store the provisioning data, i.e., managed objects. Either the provisioning client or the server MAY initiate the management session.
   D. The provisioning server reports the provisioning results to the subscription portal.

Post-Provisioning Phase (Steps 16-17):
16. Upon completion of the provisioning phase, the H-AAA will request the ASN-GW to initiate the network exit procedure [NWG-STG3].
17. If the NW Exit procedure was initiated within 90 seconds from the time of provisioning completion, the device will treat this NW Exit as the last phase of OTA activation and then perform the network exit and re-entry procedure using the new credentials to ensure the network access keys are properly installed and used. If NW Exit happened past that time, the device uses its normal ND&S algorithm.

Note that during continuous provisioning, the service provider updates the information stored in the device already associated and provisioned with an active user account. The continuous provisioning operation only requires step 15 at a minimum.
The WiMAX Initial Bootstrap (WIB) procedure enables the discovery and negotiation of the device management (DM) OTA protocol to be used between the device and the network. The procedure consists of WIB server discovery using DNS SRV records [RFC2782], and WIB OTA protocol negotiation using simple HTTP between the device and the WIB server.

The device initiates the WIB server discovery and protocol negotiation upon obtaining a point of attachment IP address using DHCP, and provides information about the OTA protocols it supports to the WIB server using the HTTP GET method. The WIB server uses the information provided by the client, selects an appropriate OTA protocol, and provides OTA protocol specific bootstrap information about the selected protocol in the HTTP response. If a mutually supported OTA protocol cannot be selected, the WIB server responds with an HTTP error, and the OTA provisioning cannot proceed. With the successful execution of the bootstrapping process, a secure path between the device's DM client and the DM provisioning server can be established and the protocol specific provisioning process for the device can begin.

The WIB server is a functional entity that enforces the OTA DM protocol for a particular domain, and MAY store the configuration bootstrap information, MAY act as a proxy to deliver the bootstrap information, or MAY redirect the device to another server that can deliver the bootstrap information. The figure below illustrates the WIB procedure.
[Figure: WIB procedure. Entities: Device, DNS, H-AAA, WIB Server (50.40.30.20), Provisioning Server. Messages shown:
2a. HTTP GET /bootstrap.wib?version=0&msid=MAC&protocol={OMA-DM, TR069}
2b. Based on local policy: may HTTP redirect, request bootstrap info
2c. HTTP OK <application/vnd.wmf.bootstrap: protocol=OMA-DM or TR069; DM-specific bootstrap information>]
9 Requirements
B1 and B2 devices SHALL be able to support all the functions specified in this section. However, during the actual OTA provisioning operation, A and B2 type devices with sufficient preconfigured information SHALL NOT be required to follow all the steps specified here.
9.1 General Requirements

1. OMA DM SHALL be mandatory for provisioning all Model B (retail) WiMAX devices, i.e., for all WiMAX retail devices OMA DM is the default OTA provisioning mechanism.
2. In addition to OMA DM, TR-069 SHALL be also mandatory for provisioning Model B (retail) WiMAX devices classified as CPE gateway, and this option is selectable by the service provider at the initial DM protocol discovery phase.
3. The WIB procedure MUST be run on devices supporting a provisioning protocol other than OMA DM.
4. The WIB procedure MUST be run on devices supporting only OMA DM if they cannot support OMA DM server initiated bootstrap, i.e., the UDP Push bootstrap.
5. All networks supporting OTA provisioning MUST support the WIB procedure.
6. Networks supporting OMA DM MUST start the OMA DM server initiated bootstrap immediately after notification from AAA (i.e., UDP Push).
7. The device MUST use the first bootstrap message it successfully received (either WIB or UDP Push) and silently discard all subsequently received bootstrap messages.
8. In the case of WIB, after initial DM protocol discovery the device SHALL be provisioned using the negotiated protocol.
9. The network MUST respond to a device provisioning request {sm=1} even if the device is considered provisioned by the network. The network SHALL initiate a provisioning flow with the device.
[Note: In R1.5, OMA DM will not support all the CPE parameters. These will be worked in future releases.]

9.1.1 Model B (Retail Model) WiMAX Devices and Their Management

The following Table 1 provides the classification of Model B WiMAX devices and their Device Management protocol.

Table 1 - Model B device DM requirement
Type of device      | DM Requirements at device
WiMAX CPE Gateway   | OMA DM Mandatory; TR-069 Mandatory
other WiMAX devices | OMA DM Mandatory
9.2 Device Requirements

In order to acquire provisioning data, the device SHALL perform the following steps:
1) The device SHALL perform device authentication as a part of the network entry procedure as defined in [NWG-STG3] Section 4.3 (Network Entry and Exit), with the following subclauses:
   a. When the device responds with an EAP Response/Identity message providing the NAI, the device SHALL include the WiMAX OTA provisioning service mode attribute value pair (avp), i.e. sm=1, in the WiMAX decoration of the NAI to indicate that the device is entering the network to perform OTA provisioning and activation. The NAI format MUST conform to [NWG-STG3].
   b.
   c.
9.3

In the case of the OMA DM activation and provisioning solution, the provisioning server SHALL support the OMA DM Protocol [DM-ERELD] and the [OTA-OMA-DM] specification.

In the case of the DSL TR-069 activation and provisioning solution, the provisioning server SHALL support the TR-069 Protocol [DSL-TR069] and the [OTA-TR069] specification.

The provisioning server MAY subscribe to the device event status with the H-AAA when receiving the bootstrapping or provisioning request. When subscribing to the device event status, the subscription message SHALL include at least the MAC address of the device as an MSID.

If the provisioning server receives a message which contains invalid attributes, or the message format is not valid, or the message does not contain all the mandatory attributes, the provisioning server SHALL ignore the received message and respond to the sender with an appropriate response message if it is available.
9.4 ASN-GW Requirements

The ASN-GW SHALL conform to [NWG-STG3] with the following subclauses:
1. Upon receiving the EAP Response/Identity from the device, the ASN-GW (NAS) SHALL perform the network entry procedure as specified in the [NWG-STG3] specification.
2. The ASN-GW SHALL process the Access-Accept message as specified in the [NWG-STG3] specification.
3. Upon successful establishment of an IP session with the device, the ASN-GW SHALL send the Accounting-Request Start message.
4. The ASN-GW SHALL support the network exit procedure based on the Network Trigger, as specified in [NWG-STG3] Section 4.5.2.1.2 (Network Trigger).
9.5 AAA Requirements
2) The H-AAA SHALL use the access policy of the provisioning mode to create the Initial Service Flow (ISF).
   If the NW has provisioning capabilities, it is recommended that, for non-subscribed MSs, the access policy of the provisioning mode SHOULD limit access to only the subscription portal, the WIB server and the provisioning server (if available), as well as limit the number of pre-provisioned service flows. (The NW may have a different policy for subscribed devices that enter the provisioning mode, i.e. re-provisioning.)
   If the NW does not have provisioning capabilities, the use of the provisioning access policy by the H-AAA is expected only in the case that the MS does not have a subscription. After the subscription has been obtained, it is up to the operator to decide the level of access the H-AAA allows for this MS.

Upon the reception of the Accounting Start message, the H-AAA SHALL send a notification to the WIB and provisioning servers (if they are available) containing the computed BEK, the MSID, the IP address of the device, and the value of the Session-Timeout Attribute [NWG-STG3]. The notification protocol is out of the scope of this document.

In the case where the provisioning server subscribes to the event status of a specific device, the H-AAA server SHALL notify the event status to the provisioning server by delivering the computed BEK, the MSID, the IP address of the device, and the value of the Session-Timeout Attribute, upon receiving the Accounting Start message. The protocol of subscription and notification of the event status method is out of the scope of this document.

Upon completion of the provisioning phase, the H-AAA SHALL initiate the network exit procedure, as specified in the [NWG-STG3] specification in Section 4.5.2.1.2. The method of detecting the completion of the provisioning phase is out of the scope of this document.

When provisioning data is updated to the device via continuous management, the H-AAA SHALL take all authentication related parameters into use in the next authentication or re-authentication.

All AAA related error case procedures defined in [NWG-STG3] SHALL be followed.
9.6

The Hotline feature as defined in the [NWG-STG3] specification MAY be used with the WiMAX Over-The-Air provisioning and activation procedure to enhance the user experience and to provide network access control.

The H-AAA MAY activate hotlining, depending on the policy of the Network Service Provider, i.e., the Network Service Provider MAY decide that unprovisioned or non-activated device(s) entering the network have to be hotlined. How the H-AAA is aware of this decision is out of the scope of this document.

The Hotlining function of the Hot-Lining Device (HLD) MAY be implemented in the ASN-GW or the HA depending on their capabilities. The Hotline Session Timer and Hot-Lining Rules are provided by the H-AAA. As an alternative to the Hot-Lining Rules, the Hotline Profile ID MAY be provided by the H-AAA, and then a set of rules for each different Hotline Profile ID SHALL be configured in the ASN-GW or the HA.

If the hotlining is activated, the Hotline Profile or the Hot-Lining Rules SHALL be configured in the way that:
- The Hotline Profile and Hotline Rules SHALL NOT affect CMIP and DHCP traffic.
- Traffic between the device and the DNS server SHALL be passed.
- Traffic between the device and the provisioning server SHALL be passed.
- HTTP traffic between the device and the subscription portal SHALL be passed.
- Additional other special traffic MAY be allowed depending on the policy of the Network Service Provider (e.g., HTTP traffic to some other special servers).
- Other HTTP traffic MAY be redirected to an Operator Portal.
- Additional other traffic MAY be allowed depending on the policy of the Network Service Provider.
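The rule list above, written out as a classifier check of the kind a Hot-Lining Device would apply to each uplink flow. This is an added illustration and not text or code from the WiMAX Forum specification: the HotlineProfile structure, the Flow tuple, the RFC 5737 documentation addresses and the decision to treat TCP ports 80 and 443 as HTTP are assumptions of the example; the rule order and the pass/redirect/drop outcomes follow the bullets above, with anything not named falling through to drop.

```go
package main

import "net"

// Action is the Hot-Lining Device's (ASN-GW or HA) decision for one flow.
type Action int

const (
	Drop Action = iota
	Pass
	RedirectToPortal
)

// Flow is the classifier's view of one uplink packet from a hotlined device.
type Flow struct {
	Proto   string // "tcp" or "udp"
	Dst     net.IP
	DstPort int
}

// HotlineProfile lists the servers the Hot-Lining Rules require to stay reachable.
type HotlineProfile struct {
	DNSServers          []net.IP
	ProvisioningServers []net.IP
	SubscriptionPortals []net.IP
	SpecialHTTPServers  []net.IP // operator-policy additions (MAY)
}

func contains(set []net.IP, ip net.IP) bool {
	for _, s := range set {
		if s.Equal(ip) {
			return true
		}
	}
	return false
}

// Evaluate applies the Hot-Lining Rules in order; anything not explicitly
// passed or redirected is dropped, which keeps the unprovisioned device at
// the minimum reachability the provisioning flow needs.
func (p HotlineProfile) Evaluate(f Flow) Action {
	isHTTP := f.Proto == "tcp" && (f.DstPort == 80 || f.DstPort == 443)
	switch {
	case f.Proto == "udp" && (f.DstPort == 67 || f.DstPort == 68):
		return Pass // DHCP is never affected
	case f.Proto == "udp" && f.DstPort == 434:
		return Pass // CMIP (Mobile IP registration, UDP/434) is never affected
	case f.DstPort == 53 && contains(p.DNSServers, f.Dst):
		return Pass // device <-> configured DNS server only
	case contains(p.ProvisioningServers, f.Dst):
		return Pass // device <-> provisioning server, any port
	case isHTTP && (contains(p.SubscriptionPortals, f.Dst) || contains(p.SpecialHTTPServers, f.Dst)):
		return Pass // HTTP to the subscription portal or operator-approved servers
	case f.Proto == "tcp" && f.DstPort == 80:
		return RedirectToPortal // other HTTP MAY be redirected to an Operator Portal
	default:
		return Drop
	}
}

// ExampleProfile is constructed for this example; the addresses are documentation
// addresses, not real servers.
func ExampleProfile() HotlineProfile {
	return HotlineProfile{
		DNSServers:          []net.IP{net.ParseIP("192.0.2.53")},
		ProvisioningServers: []net.IP{net.ParseIP("192.0.2.10")},
		SubscriptionPortals: []net.IP{net.ParseIP("192.0.2.80")},
	}
}
```

Evaluate is order-sensitive: DHCP and CMIP are matched before any address check so that an incomplete server list cannot break address assignment, and DNS is passed only towards the configured resolvers, so that port 53 to arbitrary hosts is not left open as an unintended channel out of the hotlined state.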
9.7

A device that does not support OMA DM or TR-069 server initiated bootstrap SHALL use the WIB procedure (Section 8) based on DNS and HTTP. The device SHALL perform a DNS SRV query [RFC2782] to resolve the location of the WIB server upon IP session establishment. The Service in the SRV query SHALL be wimax-bootstrap. The protocol in the SRV query SHALL be tcp. If the target NSP realm is available, the Name in the SRV query SHALL be the domain of the target NSP realm. If the target NSP realm is not available from the 802.16 SBC-RSP, the Name in the SRV query SHALL be the Domain Name obtained from the DHCP procedure (DHCP option 15 [RFC2132]). The DNS server SHALL resolve this domain name to the FQDN of the WIB server of the NSP.

DNS related error cases are defined in the [RFC2782] specification. If the device is not able to understand the received DNS SRV response message or the device did not receive the message, it MAY send a new DNS SRV query to the network until the maximum retry count is exhausted. If the WIB server address resolution is successful, the device SHALL open an HTTP session [RFC2616] to the WIB server to inform the WIB server of the supported DM OTA protocol(s), and retrieve the bootstrap information. The device SHALL use the HTTP GET method with the Request-URI /bootstrap.wib?version=VERSION&msid=MAC&protocol={PROTOCOL}. The device SHALL provide the MAC address in the URI using the msid query parameter and SHALL indicate the WIB HTTP protocol version in the URI using the version parameter (see Table 3 for supported versions). The device SHALL provide a comma separated list of the supported provisioning protocols in the protocol parameter; the values are specified in Table 2.

Table 2 - Values of PROTOCOL
PROTOCOL | Value
OMA DM   | 0
TR-069   | 1
Reserved | 2-65535
For example, when assuming the following parameters:
VERSION = 0
MAC = 001122334455
PROTOCOL = OMA DM
WIB Server Domain = wibserver.foo.com
the URI will be http://wibserver.foo.com/bootstrap.wib?version=0&msid=001122334455&protocol={0}

When assuming the following parameters for a device that supports both OMA DM and TR-069:
VERSION = 0
MAC = 001122334455
PROTOCOL = OMA DM or TR-069
WIB Server Domain = wibserver.bar.com
the URI will be "http://wibserver.bar.com./bootstrap.wib?version=0&msid=001122334455&protocol={0,1}"
If the protocol parameter is not present, the server SHALL behave as if OMA DM was specified. The device MAY provide additional optional parameters in the Request-URI. The following optional parameters are defined: vendor and model. These parameters can be used by the device to notify the network of the vendor name and model ID of the device itself. The network MAY use this information to select the DM protocol to be used and to determine the bootstrap information. The device SHALL provide an Accept Header [RFC2616] containing the media type defined for the bootstrap (application/vnd.wmf.bootstrap).

The WIB server SHALL respond to the device with one of the following HTTP responses:
1. 200 OK. If the WIB server can provide the bootstrap information for the device identified with the MAC address, the WIB server SHALL reply with an HTTP 200 OK message containing the bootstrap information in the response body encoded as specified in section 10.1. The Content-Type of the reply SHALL be application/vnd.wmf.bootstrap.
2. 302 Found. If the WIB server does not support bootstrap information delivery but can redirect the device to another server that can provide the bootstrap information, the WIB server SHALL reply with an HTTP 302 Found message containing the URI to the location of the bootstrap information. Upon receiving the redirect the device SHALL open an HTTP session to the indicated URL and SHALL use the HTTP GET method with the new server. The new server SHALL support the WIB HTTP query with the parameters and responses specified in this chapter.
3. 400 Bad Request. If the WIB server does not understand the request due to malformed syntax, corrupted packet, decode error, unsupported WIB protocol revision, etc., it SHALL reply with a 400 Bad Request message which indicates the failure of the OTA provisioning procedure.
4. 403 Forbidden. If the HTTP GET message contains an OTA Provisioning protocol which is not supported by the associated WiMAX network of the WIB server or is not allowed for the requested and known device (e.g. a non-CPE device identified via MAC address requesting only the TR-069 protocol). In this case the WIB server SHALL reply with an HTTP 403 Forbidden message which indicates the failure of the OTA provisioning procedure.
5. 404 Not Found. If the server cannot provide the bootstrap information or redirect the device to another server, it SHALL reply with an HTTP 404 Not Found message which indicates the failure of the OTA provisioning procedure.
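The WIB exchange of this section carried out in Go, as an added illustration that is not part of the WiMAX Forum specification or of any reference implementation: the device side builds the SRV query name and the Request-URI, the server side parses the query and applies the response rules above (200 with the negotiated protocol, 302 with a Location, 403 and 404, with 400 for anything malformed or of an unsupported version). The Policy structure, the MSID lists and the host names are constructed for the example; the path, parameter names, PROTOCOL values and status codes are the ones stated on the page.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// PROTOCOL values from Table 2.
const (
	ProtoOMADM uint16 = 0
	ProtoTR069 uint16 = 1
)

// SRVQueryName returns the owner name of the device's DNS SRV query in the
// RFC 2782 layout _Service._Proto.Name, for the NSP realm or the DHCP domain name.
func SRVQueryName(domain string) string {
	return "_wimax-bootstrap._tcp." + strings.TrimSuffix(domain, ".")
}

// BuildWIBRequestURI builds the Request-URI of the device's HTTP GET.
func BuildWIBRequestURI(host string, version int, mac string, protos []uint16) string {
	parts := make([]string, len(protos))
	for i, p := range protos {
		parts[i] = strconv.Itoa(int(p))
	}
	return fmt.Sprintf("http://%s/bootstrap.wib?version=%d&msid=%s&protocol={%s}",
		host, version, mac, strings.Join(parts, ","))
}

// WIBRequest is the WIB server's view of a parsed query string.
type WIBRequest struct {
	Version       int
	MSID          string
	Protocols     []uint16
	Vendor, Model string // optional parameters
}

var errBadRequest = errors.New("400 Bad Request")

// ParseWIBRequest validates the query; a malformed query, an unsupported
// version or a bad MSID all map to 400 Bad Request as the response rules require.
func ParseWIBRequest(rawQuery string) (*WIBRequest, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return nil, errBadRequest
	}
	ver, err := strconv.Atoi(q.Get("version"))
	if err != nil || ver != 0 { // version 0 is the only one defined here
		return nil, errBadRequest
	}
	msid := strings.ToUpper(q.Get("msid"))
	if len(msid) != 12 || strings.Trim(msid, "0123456789ABCDEF") != "" {
		return nil, errBadRequest
	}
	req := &WIBRequest{Version: ver, MSID: msid, Vendor: q.Get("vendor"), Model: q.Get("model")}
	list := strings.Trim(q.Get("protocol"), "{}")
	if list == "" { // protocol absent: behave as if OMA DM was specified
		req.Protocols = []uint16{ProtoOMADM}
		return req, nil
	}
	for _, s := range strings.Split(list, ",") {
		v, err := strconv.ParseUint(strings.TrimSpace(s), 10, 16)
		if err != nil {
			return nil, errBadRequest
		}
		req.Protocols = append(req.Protocols, uint16(v))
	}
	return req, nil
}

// Policy is the WIB server's local policy (constructed for this example).
type Policy struct {
	Preference   []uint16        // protocols the network supports, most preferred first
	CPEDevices   map[string]bool // MSIDs known to be CPE gateways (TR-069 permitted)
	HasBootstrap map[string]bool // MSIDs this server holds bootstrap information for
	RedirectHost string          // another WIB server that can deliver it, or ""
}

// Respond selects the protocol and the HTTP status: 200 (with the negotiated
// protocol), 302 (with the Location), or 403/404 when provisioning cannot proceed.
func Respond(p Policy, req *WIBRequest) (status int, proto uint16, location string) {
	chosen, found := uint16(0), false
	for _, np := range p.Preference {
		for _, dp := range req.Protocols {
			// TR-069 is only allowed for devices classified as CPE gateways.
			if np == dp && (np != ProtoTR069 || p.CPEDevices[req.MSID]) {
				chosen, found = np, true
				break
			}
		}
		if found {
			break
		}
	}
	switch {
	case !found: // no mutually supported (and allowed) protocol
		return 403, 0, ""
	case p.HasBootstrap[req.MSID]:
		return 200, chosen, ""
	case p.RedirectHost != "":
		return 302, chosen, BuildWIBRequestURI(p.RedirectHost, req.Version, req.MSID, req.Protocols)
	default:
		return 404, 0, ""
	}
}
```

The server chooses from its own preference list rather than from the order the device sent, which is what lets the operator select TR-069 for a CPE gateway at discovery time while a non-CPE device that lists both protocols still ends up on OMA DM instead of receiving 403.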
If the device does not receive the WIB HTTP response message or the device is not able to understand it, the device MAY send a new WIB HTTP GET message to the network until the maximum retry count is exhausted. It is not in the scope of this document to define the value for max retries.

In order to ensure robustness of the WIB protocol independent of the exact NW provisioning implementation, it is recommended that the device will retry the WIB procedure several times spread over a minimum period of 10 minutes before deciding that the retry counter is exhausted (for example 10 retries, 1 every minute).

In all WIB procedure error cases occurring during initial provisioning the device SHOULD perform the network exit procedure as described in [NWG-STG3] after the maximum retry count is exhausted.

9.7.1 Bootstrap Message Encoding
The bootstrap information SHALL be provided to the device using the format defined for the bootstrap, i.e., application/vnd.wmf.bootstrap. The bootstrap information consists of a fixed size header followed by variable size data as described below.

Table 3 - Bootstrap Message Encoding
Part   | Field    | Number of Octets         | Octet Significance | Contents
Header | Version  | 2                        | MSB ... LSB        | 0 (1-65535 = Reserved)
Header | Protocol | 2                        | MSB ... LSB        | Protocol value (see Table 2)
Header | Length   | 4                        | MSB ... LSB        | Data length as a number of octets
Data   | Data     | Variable (0 to 2^16 - 9) | MSB ... LSB        | DM protocol specific
The version field SHALL contain the value 0 for this version of the protocol. The protocol field SHALL be a value taken from Table 1. The data portion SHALL contain DM specific bootstrap information encrypted and authenticated using AES-CCM as described in Section 10.1 WiMAX Bootstrap Security. The encrypted bootstrap document and the nonce value MAY be transmitted to the client in a Type-Length-Value (TLV) encoded message as described in Table 5 and Table 6. The exact type and number of TLVs used in the WIB response is specified in the relevant documents [OTA-OMA-DM] and [OTA-TR069].

The size of the type field SHALL be two octets, the size of the length field SHALL be four octets, and the size of the value field SHALL be 13 octets for the nonce value and 0 to 2^16 - 34 octets for the ciphertext value. The TLVs that SHALL be used are described in Table 5 and Table 6.

Table 4 - Encoding of Nonce TLV
Field  | Number of Octets | Octet Significance | Contents
Type   | 2                | MSB ... LSB        | 0 = Nonce
Length | 4                | MSB ... LSB        | 13
Value  | 13               | MSB ... LSB        | The nonce value selected by the server.

Table 5 - Encoding of Ciphertext TLV
Field  | Number of Octets          | Octet Significance | Contents
Type   | 2                         | MSB ... LSB        | 1 = Ciphertext
Length | 4                         | MSB ... LSB        | Length of the Value field in octets
Value  | Variable (0 to 2^16 - 34) | MSB ... LSB        | Encrypted bootstrap (DM protocol specific)
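Producing and parsing the application/vnd.wmf.bootstrap layout of Tables 3 to 5 in Go, as an added example that is not code from the WiMAX Forum or from either OTA protocol document. The header fields, the TLV types 0 and 1 and the 13-octet nonce length are taken from the tables; the choice to reject duplicate or undefined TLV types is the example's own, since the page leaves the exact TLV set to [OTA-OMA-DM] and [OTA-TR069].

```go
package main

import (
	"encoding/binary"
	"errors"
)

const (
	TLVNonce      uint16 = 0 // Table 4
	TLVCiphertext uint16 = 1 // Table 5
	nonceLen             = 13
)

// tlv encodes one Type(2) || Length(4) || Value element, big-endian.
func tlv(t uint16, v []byte) []byte {
	b := make([]byte, 6, 6+len(v))
	binary.BigEndian.PutUint16(b, t)
	binary.BigEndian.PutUint32(b[2:], uint32(len(v)))
	return append(b, v...)
}

// EncodeBootstrap builds Version(2, = 0) || Protocol(2) || Length(4) || Data,
// where Data is the Nonce TLV followed by the Ciphertext TLV.
func EncodeBootstrap(protocol uint16, nonce, ciphertext []byte) ([]byte, error) {
	if len(nonce) != nonceLen {
		return nil, errors.New("nonce must be 13 octets")
	}
	data := append(tlv(TLVNonce, nonce), tlv(TLVCiphertext, ciphertext)...)
	msg := make([]byte, 8, 8+len(data))
	binary.BigEndian.PutUint16(msg[2:], protocol) // octets 0-1 (version) stay 0
	binary.BigEndian.PutUint32(msg[4:], uint32(len(data)))
	return append(msg, data...), nil
}

// Bootstrap is the decoded message.
type Bootstrap struct {
	Protocol   uint16
	Nonce      []byte
	Ciphertext []byte
}

// DecodeBootstrap parses a message received over HTTP. Every length is checked
// against the bytes actually present before it is used, so a truncated message
// or an oversized Length field cannot cause a read past the buffer.
func DecodeBootstrap(msg []byte) (*Bootstrap, error) {
	if len(msg) < 8 {
		return nil, errors.New("header truncated")
	}
	if binary.BigEndian.Uint16(msg) != 0 {
		return nil, errors.New("unsupported bootstrap version")
	}
	data := msg[8:]
	if binary.BigEndian.Uint32(msg[4:]) != uint32(len(data)) {
		return nil, errors.New("length field does not match data")
	}
	b := &Bootstrap{Protocol: binary.BigEndian.Uint16(msg[2:])}
	for len(data) > 0 {
		if len(data) < 6 {
			return nil, errors.New("TLV header truncated")
		}
		t, l := binary.BigEndian.Uint16(data), binary.BigEndian.Uint32(data[2:])
		if uint64(l) > uint64(len(data)-6) {
			return nil, errors.New("TLV length exceeds message")
		}
		v := data[6 : 6+l]
		switch {
		case t == TLVNonce && len(v) == nonceLen && b.Nonce == nil:
			b.Nonce = v
		case t == TLVCiphertext && b.Ciphertext == nil:
			b.Ciphertext = v
		default: // wrong size, duplicate, or a type this profile does not define
			return nil, errors.New("unexpected TLV")
		}
		data = data[6+l:]
	}
	if b.Nonce == nil || b.Ciphertext == nil {
		return nil, errors.New("nonce or ciphertext TLV missing")
	}
	return b, nil
}
```

The decoder treats the outer Length and each TLV Length as untrusted claims and verifies both against the buffer before slicing; the message arrives before the device holds anything it can authenticate with, so the parser is the first line of defence against a malformed response.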
10 Security Considerations

In order to ensure secure communication between the device and server, the following describes the minimum set of cipher suites that SHALL be supported by the device and server.

The OMA DM and TR-069 servers SHALL support a subset of the cipher suites defined in [RFC3268]. The servers SHALL implement the following set of cipher suites listed in priority order from the highest to the lowest:
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

The OMA DM and TR-069 device SHALL support at least one of these cipher suites. The device and server SHALL negotiate the strongest cipher suite available to both endpoints as a part of the establishment of the TLS connection. It is recommended that the device SHOULD be configured to support TLS_RSA_WITH_3DES_EDE_CBC_SHA.

The implications of this are that the OMA DM server and TR-069 server have to use RSA based certificates and support at least one of 3DES, AES-128, and AES-256 for the TLS based communication with the device. The device and server are free to add any other cipher suite which is considered to have similar or stronger cryptographic properties to their capability lists, but the definitions here SHOULD serve as the minimum and therefore common baseline.

The procedures described here define a method for protecting the OTA transport of the OMA DM or TR-069 bootstrap information, which contains configuration data as well as credentials necessary for subsequent OMA DM or TR-069 transactions. The method described here is generic in that the key and the encryption method are independent of the provisioning protocol.

This specification does not address the storage or secure usage of this bootstrap information once it has been delivered to the device. This specification deals solely with the method in which the bootstrap information is secured for delivery to the mobile station. It is the responsibility of implementations to ensure that the keys, credentials and all other related content are appropriately secured during processing within the device.
10.1 WiMAX Bootstrap Security

The Bootstrap Encryption Key (BEK) is derived from the EMSK as follows.
BEK = the 16 most significant (leftmost) octets of HMAC-SHA256(EMSK, "bek@wimaxforum.org"). The string "bek@wimaxforum.org" is ASCII and is not null terminated.

The lifetime of the BEK is set to the lifetime of the EMSK.

The BEK is bound to the EMSK, which is already bound to the device, so no additional key binding is necessary in the BEK key derivation procedure.

The AAA delivers the BEK, MSID and the device's IP address to the entity which is delivering the bootstrap information to the device. The method the AAA server uses to deliver the BEK to the WIB and/or Provisioning Server is out of scope of this document, but security controls are assumed to be in place for it. The BEK key is then used to authenticate and encrypt the bootstrap document for secure delivery to the device per the detailed description in the following section.
10.1.2

The bootstrap information SHALL be protected utilizing AES in the CCM mode [NIST800-38C]. Tlen SHALL be 64 and t SHALL be 8. The number of the octets in the message authentication code field SHALL be set to 8. Consistent with the CCM specification, the 3-bit binary encoding [(t-2)/2] of bits 5, 4, and 3 of the Flags octet in B0 SHALL be 011.

The size q of the length field Q SHALL be set to 2. Consistent with the CCM specification, the 3-bit binary encoding [q-1] of the q field in bits 2, 1 and 0 of the Flags octet in B0 SHALL be 001.

The length a of the associated data string A SHALL be set to 0.

The nonce value SHALL be 13 octets long (15-q) as shown in Table 6. The octets 0 through 7 SHALL be set to a 64-bit cryptographic quality random number (RAND). The octets 8 through 12 are reserved and set to zero.

Note: The set of nonce values used with a given BEK MUST not contain duplicate values, since using the same nonce more than once compromises the security properties of AES-CCM. The use of a sufficiently large random number, along with the expectation that the bootstrap information will be encrypted and transmitted a small number of times relative to the size of the random number, is expected to maintain the security of AES-CCM for this application.

Table 6 - Nonce Construction (13 Octets)
Octet Number | Field    | Value
0 - 7        | RAND     | Random Value
8 - 12       | Reserved | 0x0000000000

The provisioning server generates a cryptographic quality random number, populates the RAND field of the nonce and processes the bootstrap information with AES-CCM. The provisioning server then transmits the protected document to the device. Upon the reception of a protected bootstrap message the device decrypts and authenticates the document.

Consistent with the AES-CCM specification, the initial block B0 is formatted as shown in Table 7.

Table 7 - Initial CCM Block B0
Octet Number | Octet Significance | Number of Octets | Field  | Value
0            |                    | 1                | Flags  | 0x19
1 - 13       | MSB ... LSB        | 13               | Nonce  | As specified in Table 2
14 - 15      | MSB ... LSB        | 2                | Length | Q

Consistent with the AES-CCM specification, the counter blocks Ctr_j are formatted as shown in Table 8.

Table 8 - Counter block Ctr_j
Octet Number | Octet Significance | Number of Octets | Field   | Value
0            |                    | 1                | Flags   | 0x01
1 - 13       | MSB ... LSB        | 13               | Nonce   | As specified in Table 2
14 - 15      | MSB ... LSB        | 2                | Counter | j
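The BEK derivation of Section 10.1 and the AES-CCM parameters of this section (t = 8, q = 2, a = 0, a 13-octet nonce, Flags 0x19 in B0 and 0x01 in Ctr_j) carried out in Go on top of the standard library's AES block cipher, since crypto/cipher offers no CCM mode. This is an added example and not code from the WiMAX Forum: the function names, the 8-octet RAND handed in by the caller and the sample EMSK in the usage are assumptions; the label string, the key truncation and the block layouts are taken from the text and from Tables 6 to 8.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

const (
	tagLen   = 8    // t = 8 octets (Tlen = 64)
	nonceLen = 13   // 15 - q, with q = 2
	b0Flags  = 0x19 // Adata = 0, (t-2)/2 = 011, q-1 = 001
	ctrFlags = 0x01 // q-1 = 001
)

// DeriveBEK returns the 16 leftmost octets of HMAC-SHA256(EMSK, "bek@wimaxforum.org").
func DeriveBEK(emsk []byte) []byte {
	m := hmac.New(sha256.New, emsk)
	m.Write([]byte("bek@wimaxforum.org")) // ASCII label, not NUL-terminated
	return m.Sum(nil)[:16]
}

// NewNonce builds the 13-octet nonce of Table 6: RAND in octets 0-7 (the caller
// draws it from a CSPRNG and never reuses it under one BEK), zero octets 8-12.
func NewNonce(rand8 [8]byte) []byte {
	n := make([]byte, nonceLen)
	copy(n, rand8[:])
	return n
}

// ccmBlock formats a 16-octet B0 or Ctr_j block: Flags || Nonce || 2-octet field.
func ccmBlock(flags byte, nonce []byte, field uint16) []byte {
	b := make([]byte, 16)
	b[0] = flags
	copy(b[1:14], nonce)
	binary.BigEndian.PutUint16(b[14:], field)
	return b
}

// cbcMAC computes the CCM tag over B0 and the zero-padded payload; with a = 0
// there are no associated-data blocks.
func cbcMAC(blk cipher.Block, nonce, p []byte) []byte {
	y := ccmBlock(b0Flags, nonce, uint16(len(p)))
	blk.Encrypt(y, y)
	for off := 0; off < len(p); off += 16 {
		for i := 0; i < 16 && off+i < len(p); i++ {
			y[i] ^= p[off+i]
		}
		blk.Encrypt(y, y)
	}
	return y[:tagLen]
}

// ctrXOR xors in with the keystream S_j, S_{j+1}, ... where S_j = AES(Ctr_j).
func ctrXOR(blk cipher.Block, nonce, in []byte, j uint16) []byte {
	out, ks := make([]byte, len(in)), make([]byte, 16)
	for off := 0; off < len(in); off += 16 {
		blk.Encrypt(ks, ccmBlock(ctrFlags, nonce, j))
		for i := 0; i < 16 && off+i < len(in); i++ {
			out[off+i] = in[off+i] ^ ks[i]
		}
		j++
	}
	return out
}

// Seal protects a bootstrap document: ciphertext (counters 1..) || tag masked with S_0.
func Seal(bek, nonce, doc []byte) ([]byte, error) {
	blk, err := aes.NewCipher(bek)
	if err != nil || len(nonce) != nonceLen || len(doc) > 0xFFFF { // q = 2 caps Q
		return nil, errors.New("bad key, nonce or payload length")
	}
	tag := ctrXOR(blk, nonce, cbcMAC(blk, nonce, doc), 0)
	return append(ctrXOR(blk, nonce, doc, 1), tag...), nil
}

// Open decrypts and verifies; the tag is compared in constant time and the
// document is released only when it matches.
func Open(bek, nonce, sealed []byte) ([]byte, error) {
	blk, err := aes.NewCipher(bek)
	if err != nil || len(nonce) != nonceLen || len(sealed) < tagLen {
		return nil, errors.New("bad key, nonce or truncated ciphertext")
	}
	ct, maskedTag := sealed[:len(sealed)-tagLen], sealed[len(sealed)-tagLen:]
	doc := ctrXOR(blk, nonce, ct, 1)
	if !hmac.Equal(ctrXOR(blk, nonce, maskedTag, 0), cbcMAC(blk, nonce, doc)) {
		return nil, errors.New("bootstrap authentication failed")
	}
	return doc, nil
}
```

Open decrypts before it verifies only because CCM's tag is computed over the plaintext; the plaintext is discarded, not returned, on a tag mismatch, and Seal refuses payloads longer than 65535 octets because a 2-octet Q field cannot encode them.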