For the AP-SM link with authentication enabled: If authentication is enabled, each end calculates the per-session encryption key using the SM’s factory installed key, the random number used during the per-session challenge, and the authentication key, if one was entered by the user.
For the AP-SM link with authentication disabled: If authentication is not enabled, then each end calculates the per-session encryption key using the SM’s factory installed key and the random number used during the per-session challenge.
For the Backhaul link with authentication enabled: If authentication is enabled, each end calculates the per-session encryption key using the BHS’s factory installed key, the random number used during the per-session challenge, and the user-entered authentication key (entered by the user into both the BHM and the BHS).
For the Backhaul link with authentication disabled: If authentication is not enabled, then each end calculates the per-session encryption key using the BHS’s factory installed key and the random number used during the per-session challenge.