1 Scope
2 References
2.1 Normative
2.2 Informative
3 Terms and definitions
4 Abbreviations
5 Baseline privacy plus background and overview
5.1 Architectural overview
5.2 Operational overview
6 DOCSIS MAC frame formats
6.1 Variable-length packet data PDU MAC frame format
6.2 Fragmentation MAC frame format
6.3 Requirements on usage of BP extended header element in MAC header
7 Baseline Privacy Key Management (BPKM) protocol
7.1 State models
7.2 Key management message formats
8 Dynamic SA mapping
8.1 Introduction
8.2 Theory of operation
8.3 SA Mapping state model
8.4 IP multicast traffic and dynamic SAs
9 Key usage
9.1 CMTS
9.2 Cable modem
9.3 Authentication of DOCSIS v1.1/2.0 dynamic service requests
10 Cryptographic methods
10.1 Packet data encryption
10.2 Encryption of TEK
10.3 HMAC-Digest algorithm
10.4 Derivation of TEKs, KEKs and message authentication keys
10.5 Public-key encryption of authorization key
10.6 Digital signatures
10.7 Supporting alternative algorithms
11 Physical protection of keys in the CM and CMTS
12 BPI+ X.509 certificate profile and management
12.1 BPI+ certificate management architecture overview
12.2 Certificate format
12.3 Cable modem certificate storage and management in the CM
12.4 Certificate processing and management in the CMTS
Annex A – TFTP configuration file extensions
A.1 Encodings
A.2 Parameter guidelines
Annex B – Verifying downloaded operational software
B.1 Introduction
B.2 Overview
B.3 Code upgrade requirements
B.4 Security considerations (Informative)
Annex C – BPI/BPI+ interoperability
C.1 DOCSIS v1.0/v1.1/v2.0 interoperability
C.2 DOCSIS BPI/BPI+ interoperability requirements
C.3 BPI 40-bit DES export mode considerations
C.4 System operation
Annex D – Upgrading from BPI to BPI+
D.1 Hybrid cable modem with BPI+
D.2 Upgrading Procedure
Appendix I – Example messages, certificates and PDUs
I.1 Notation
I.2 Authentication Info
I.3 Authorization Request
I.4 Authorization Reply
I.5 Key Request
I.6 Key Reply
I.7 Packet PDU encryption
I.8 Encryption of packet PDU with payload header suppression
I.9 Fragmented packet encryption
BIBLIOGRAPHY