Table of Contents
Advertisement
Operation
SAM Authentication Sequence
The SAM-protected network consists of the primary authentication server and its modem bank
(usually at the NOC), and the remote SAM modem and its attached communication devices. For
server redundancy, a secondary authentication server and its modem bank can be deployed at a
separate location. The SAM authentication process is described briefly below.
typical application with primary and secondary authentication Servers.
1. Once configured for SAM authentication, the modem powers up and, after a 20 second delay,
dials the primary authentication server to retrieve a new private key. With a successful
connection the primary server securely transmits the new private key to the SAM modem,
along with the new values for Active Valid Time and Inactive Valid Time. The modem stores
the new private key and time values in RAM.
Note
New keys are generated by the authentication server in hour or day intervals, as defined by the
Authentication Server administrator.
Note
If the SAM modem fails to make a connection to the authentication server, it will attempt another call after
the Redail Delay interval. If a secondary authentication server is available, the SAM modem will alternate
between the two servers until a successful key update is accomplished.
2. When a remote user (client) attempts a connection to the network, the client application
prompts for a valid username, password, and SAM ID. If the remote user is authenticated, the
SAM Server transmits the SAM modem phone number and the public encryption key to the
client application. Once received, the call is dropped.
3. The client modem then dials the SAM modem.
4. With a successful exchange of messages, the SAM modem allows remote user access to the
connected devices, e.g., router, switch, etc. (See
SAM Authentication with SteadFast Security
When the remote caller initiates a call, the answer modem attempts to match the SteadFast
passwords stored in cell 0 of both modems during the handshake. With a match, the answer modem
directly admits a caller using a valid cell password. Once admitted, the SAM authentication
sequence begins, as described above. If the caller has an invalid SteadFast password, the answering
modem terminates the call.
Note
SteadFast Security requires that modems at all sites (the Client modem, the remote SAM modem, and the
authentication server modem bank) be GDC V.34 modems configured with the same SteadFast password.
3-18
SpectraComm Dual V.34 Modem
Installation and Operation
Security Overview
Figure 3-1
Figure
3-1.)
shows a
060R122-000
Issue 15
Advertisement
Table of Contents
