Chapter 9 Maintenance
HES-309M Series User’s Guide
4 The server disconnects from the WiMAX Device once all of its management
operations have been carried out.
Figure 49 OMA-DM Data Management
OMA-DM Authentication
In order to ensure the integrity of the connection between an OMA-DM server and
the WiMAX Device, communication between the two is encoded using one of three
common algorithms. They are not intended to be used in lieu of proper digital
security, but instead as a means of transmitting multiple disparate types of data
over HTTP. Security encryption for communication is handled by different
processes configured elsewhere in the WiMAX Device’s web configurator.
Basic Access Authentication – Sends a person’s user name and password in
Base64. This authentication protocol is supported by all browsers that are HTTP
1.0/1.1 compliant. Although converted to Base64 for the sake of
cross-compatibility, credentials are nonetheless passed between the web browser and
the server in plaintext, making them extremely easy to intercept and read. As such, it
is rarely used anymore.
Digest Access Authentication – This protocol was designed to replace basic
access authentication. Instead of encoding a user name and password in plaintext,
this protocol uses what is known as an MD5 message authentication code. It
allows the server to issue a single-use, randomly generated number (known as a
‘nonce’) to the client (in this case, the web browser), which then uses the number
as the ‘public key’ for encrypting its data. When the server receives the encrypted
data, it unlocks it using the ‘key’ that was just provided. While stronger than basic
access authentication, this protocol is not as strong as, say, HMAC, or as secure as
the client using a client-side private key encryption scheme.
Hash Message Authentication Code – Also known as HMAC, this code relies on
cryptographic hash functions to bolster an existing protocol, such as MD5. It is a
method for generating a stronger, significantly higher encryption key.
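The three schemes named above, as an added Python example (not part of this user's guide or the device's firmware): it follows the HTTP definitions of Basic (RFC 7617) and Digest (RFC 2617, qop=auth) and uses HMAC-MD5 from the standard library. The function names are hypothetical, and the sample credentials are the published RFC test values.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def basic_header(user, password):
    """Basic: Base64 of 'user:password'. This is an encoding, not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def recover_basic(header):
    """Anyone who captures a Basic header gets the credentials back with one decode."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """Digest: the password is hashed together with the server nonce and never sent."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def hmac_md5(key, message):
    """HMAC: a keyed hash over the message, here built on MD5."""
    return hmac.new(key, message, hashlib.md5).hexdigest()


def verify_hmac(key, message, tag_hex):
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(hmac_md5(key, message), tag_hex)


if __name__ == "__main__":
    header = basic_header("Aladdin", "open sesame")       # RFC 7617 sample values
    print(header, "->", recover_basic(header))
    print(digest_response("Mufasa", "testrealm@host.com", "Circle Of Life",
                          "GET", "/dir/index.html",
                          "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          "00000001", "0a4f113b"))        # RFC 2617 sample values
    tag = hmac_md5(b"Jefe", b"what do ya want for nothing?")  # RFC 2202 sample values
    print(tag, verify_hmac(b"Jefe", b"what do ya want for nothing!", tag))
```

A changed nonce yields a different Digest response, so a captured response cannot simply be replayed, whereas a captured Basic header stays valid until the password changes.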