ETSI - ES 201 488-3
Access and Terminals (AT); Data Over Cable Systems; Part 3: Baseline Privacy Plus Interface Specification
|Publication Date:||1 August 2003|
The present document, namely the BPI+ specification  extended to allow certificates designated Euro-DOCSIS, describes MAC layer security services for Data Over Cable Systems (DOCS) CMTS.
The source material was the DOCSIS™ "Data Over Cable Services Interface Specifications, Baseline Privacy Plus Interface Specification Interim 09 08/30/02", for which the latest published version can be found at www.cablemodem.com.
CM communications. BPI+ security goals are twofold:
• provide cable modem users with data privacy across the cable network; and
• provide MSOs with service protection; i.e. prevent unauthorized users from gaining access to the network's RF MAC services.
BPI+ provides a level of data privacy across the shared medium cable network equal to or better than that provided by dedicated line network access services (analog modems or digital subscriber lines).
The protected RF MAC data communications services fall into three categories:
• best-effort, high-speed, IP data services;
• QoS (e.g. constant bit rate) data services; and
• IP multicast group services.
The earlier BPI specification  had "weak" service protection because the underlying key management protocol did not authenticate CMs. BPI+ strengthens this service protection by adding digital-certificate based CM authentication to its key exchange protocol.