Security Services 2-41
September 2008
Chapter 2 - MTM800 Product Information Manual 6866537D87-F
It is recommended that Permanent Disable be invoked when it has been determined that an MS is
absolutely unrecoverable. When an MS has been lost or stolen, the first step is always to stun
(Temporary Disable) the MS, followed by disabling the user in the Radio User Record of the
UCM.
It is recommended that Permanent Disable be used in conjunction with the deletion of the user’s Radio
Record in the UCS and the deletion of the K-Ref association of the disabled MS in the PrC and in the
AuC that lies within the cluster where the MS’s home zone is located. This ensures that subscriber
information is not downloaded into the HLR if a restore of the UCS is performed.
The system operator must also ensure that the MS’s K-Ref association is removed from the
other AuCs in the network in cases where the K-Ref pairs are duplicated across the network. Note
that if this is not performed, the MS could be assigned a new home zone that lies in a cluster where
the K-Ref association has not been deleted.
Benefits:
❏ Immediate and complete disabling of the subscriber by the dispatcher via the air interface if
the terminal is not expected to be recovered.
11.7 PIN & PUK Numbers
The terminal is capable of requiring a Personal Identification Number (PIN) for authentication from
the user before it performs any network operation. The PIN is a 4-digit number.
The terminal user can use the menu functionality to enable or disable PIN lock, and to change the
PIN code. However, the user is not able to disable PIN lock or change the PIN code when the
terminal is PIN locked.
The ability to enter a PIN is blocked after a number of unsuccessful attempts to enter the PIN.
The block can be released only by entering an 8-digit PIN Unblocking Key (PUK). Once the PUK has
been entered successfully, the terminal requires the user to define a new PIN. The maximum
number of unsuccessful PIN attempts can be programmed via CPS programming (default is 3).
The PIN and PUK are stored in the code plug. The code plug also holds a parameter that indicates
whether the PIN is enabled or disabled; if it is enabled, the user must enter the PIN on power up.
Benefits:
❏ 4-digit PIN code required to access the terminal (if PIN is enabled) provides an extra level of
security
❏ After 3 failed attempts the PUK code is required (programmable)
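The PIN/PUK rules in section 11.7, modelled as a small state machine. This is an added example, not code from the manual or from the terminal's firmware; all type and function names are hypothetical. It assumes that the failure count and blocked state persist across a power cycle and that a correct PIN resets the count, neither of which the manual states.

```c
#include <stdbool.h>
#include <string.h>

/* Illustrative model: all names are hypothetical, not the terminal's firmware. */
typedef enum { ST_UNLOCKED, ST_LOCKED, ST_BLOCKED, ST_NEW_PIN } pin_state;
typedef struct {
    char pin[5], puk[9];        /* 4-digit PIN, 8-digit PUK (code plug) */
    bool enabled;               /* PIN enabled/disabled parameter */
    unsigned max_tries, failed; /* CPS-programmed limit (default 3), count */
    pin_state st;
} pin_ctx;

/* Require exactly n decimal digits and compare every position against ref. */
static bool digits_match(const char *in, const char *ref, size_t n) {
    unsigned char diff = 0;
    if (strlen(in) != n) return false;
    for (size_t i = 0; i < n; i++) {
        if (in[i] < '0' || in[i] > '9') return false;
        diff |= (unsigned char)(in[i] ^ ref[i]);
    }
    return diff == 0;
}
/* Assumption: failure count and blocked state survive a power cycle. */
void pin_power_up(pin_ctx *c) {
    if (c->st == ST_BLOCKED || c->st == ST_NEW_PIN) return;
    c->st = c->enabled ? ST_LOCKED : ST_UNLOCKED;
}
/* Assumption: a correct PIN resets the failure count. */
bool pin_enter(pin_ctx *c, const char *pin) {
    if (c->st != ST_LOCKED) return false;
    if (digits_match(pin, c->pin, 4)) { c->failed = 0; c->st = ST_UNLOCKED; return true; }
    if (++c->failed >= c->max_tries) c->st = ST_BLOCKED;
    return false;
}
bool puk_enter(pin_ctx *c, const char *puk) {
    if (c->st != ST_BLOCKED || !digits_match(puk, c->puk, 8)) return false;
    c->failed = 0; c->st = ST_NEW_PIN;  /* new PIN must be defined next */
    return true;
}
/* PIN change and PIN-lock toggle are refused while locked or blocked. */
bool pin_change(pin_ctx *c, const char *new_pin) {
    if (c->st != ST_UNLOCKED && c->st != ST_NEW_PIN) return false;
    if (!digits_match(new_pin, new_pin, 4)) return false;  /* format check */
    memcpy(c->pin, new_pin, 5); c->st = ST_UNLOCKED;
    return true;
}
bool pin_set_enabled(pin_ctx *c, bool on) {
    if (c->st != ST_UNLOCKED) return false;
    c->enabled = on; return true;
}
```

If the failure count were kept only in volatile memory, cycling power would restore a full set of attempts, which is why the model carries it through `pin_power_up`.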
11.8 High Assurance Boot (HAB)
The terminal has a facility that ensures that the code and data flashed in the terminal are authentic
and have not been altered. The HAB module is forced by hardware to run at boot time and checks that
all software comes from a trusted source by verifying the signature of the code and data segments
present in the terminal using a public/private key mechanism. The keys are downloaded using the
provisioning tool.
If HAB authentication of the flashed software fails, HAB does not allow the terminal software to run.
11.9 Terminal Disable/Enable on Non-Dimetra Infrastructures
In addition to ‘subscription disable’, some Non-Dimetra Infrastructures can disable the terminal (TEI).
Such an infrastructure can disable either the ‘subscription’ or the ‘equipment’, or both.