CONTENTS

 1     Scope 
 2     References 
        2.1     Normative 
        2.2     Informative
 3     Terms and definitions       
 4     Abbreviations   
 5     Baseline privacy plus background and overview   
        5.1     Architectural overview       
        5.2     Operational overview         
 6     DOCSIS MAC frame formats     
        6.1     Variable-length packet data PDU MAC frame format        
        6.2     Fragmentation MAC frame format 
        6.3     Requirements on usage of BP extended header element in MAC header     
 7     Baseline privacy key management (BPKM) protocol        
        7.1     State models          
        7.2     Key management message formats 
 8     Dynamic SA mapping      
        8.1     Introduction           
        8.2     Theory of operation           
        8.3     SA Mapping state model   
        8.4     IP multicast traffic and dynamic SAs           
 9     Key usage  
        9.1     CMTS   
        9.2     Cable modem        
        9.3     Authentication of DOCSIS v1.1/2.0 dynamic service requests        
10     Cryptographic methods   
       10.1     Packet data encryption     
       10.2     Encryption of TEK           
       10.3     HMAC-Digest algorithm   
       10.4     Derivation of TEKs, KEKs and message authentication keys         
       10.5     Public-key encryption of authorization key 
       10.6     Digital signatures   
       10.7     Supporting alternative algorithms   
11     Physical protection of keys in the CM and CMTS           
12     BPI+ X.509 certificate profile and management   
       12.1     BPI+ certificate management architecture overview           
       12.2     Certificate format  
       12.3     Cable modem certificate storage and management in the CM         
       12.4     Certificate processing and management in the CMTS         
Annex A � TFTP configuration file extensions     
        A.1     Encodings 
        A.2     Parameter guidelines         
Annex B � Verifying downloaded operational software     
        B.1     Introduction          
        B.2     Overview  
        B.3     Code upgrade requirements           
        B.4     Security considerations (Informative)         
Annex C � BPI/BPI+ interoperability     
        C.1     DOCSIS v1.0/v1.1/v2.0 interoperability    
        C.2     DOCSIS BPI/BPI+ interoperability requirements  
        C.3     BPI 40-bit DES export mode considerations         
        C.4     System operation  
Annex D � Upgrading from BPI to BPI+     
        D.1     Hybrid cable modem with BPI+    
        D.2     Upgrading procedure        
Appendix I � Example messages, certificates and PDUs     
        I.1        Notation  
        I.2        Authentication Info           
        I.3        Authorization Request      
        I.4        Authorization Reply          
        I.5        Key Request        
        I.6        Key Reply           
        I.7        Packet PDU encryption   
        I.8        Encryption of packet PDU with payload header suppression         
        I.9        Fragmented packet encryption     
Bibliography