E F Johnson Company 2425333 Benutzerhandbuch
10-11
Secure Communication (Encryption)
Key Encryption Key (KEK) - A key used to encrypt keys contained in Key Management
Messages (KMMs) during OTAR. These messages may themselves be encrypted by a
TEK. These keys can be the AES or DES type. There are KEKs unique to a subscriber unit
(UKEK) and common to a group (CKEK). The other type of key is the Traffic Encryption
Key (TEK) used to encrypt voice and data messages.
Messages (KMMs) during OTAR. These messages may themselves be encrypted by a
TEK. These keys can be the AES or DES type. There are KEKs unique to a subscriber unit
(UKEK) and common to a group (CKEK). The other type of key is the Traffic Encryption
Key (TEK) used to encrypt voice and data messages.
Key ID - This is a 16-bit (four hex digit) number identifier from 1-65535 for an encryption
key which allows the key to be identified without revealing the actual key variable. This
ID and the Algorithm ID uniquely identify a key within the KMF or subscriber unit.
Therefore, two keys can have the same ID if they have different algorithm IDs and vice
versa. The Key ID and Algorithm ID are usually transmitted with a message to identify the
key that must be used to decrypt it. Key ID 0 is not used with OTAR.
key which allows the key to be identified without revealing the actual key variable. This
ID and the Algorithm ID uniquely identify a key within the KMF or subscriber unit.
Therefore, two keys can have the same ID if they have different algorithm IDs and vice
versa. The Key ID and Algorithm ID are usually transmitted with a message to identify the
key that must be used to decrypt it. Key ID 0 is not used with OTAR.
Key Management Facility (KMF) - The equipment and software which provide OTAR
and related key management services to the subscriber units.
and related key management services to the subscriber units.
Key Management Message (KMM) - These are the messages composed by the KMF to
send encryption information to subscriber units through the keyloader or OTAR. KMMs
are themselves encrypted using two layers of encryption: inner and outer. The inner layer
of encryption uses a KEK and the outer layer uses a TEK. Additional security measures
contained within KMMs include a Message Number (MN) and a Message Authentication
Code (MAC).
send encryption information to subscriber units through the keyloader or OTAR. KMMs
are themselves encrypted using two layers of encryption: inner and outer. The inner layer
of encryption uses a KEK and the outer layer uses a TEK. Additional security measures
contained within KMMs include a Message Number (MN) and a Message Authentication
Code (MAC).
Keyset - A structure containing keys of the same type (TEK or KEK). There are two TEK
keysets, Keyset 1 and Keyset 2, and one KEK keyset, Keyset 255. Only one of the two
TEK keysets is active at a given time. This provides a way to divide the two keys
contained within each SLN into two groups, active keys and inactive keys, based on the
currently active keyset setting.
keysets, Keyset 1 and Keyset 2, and one KEK keyset, Keyset 255. Only one of the two
TEK keysets is active at a given time. This provides a way to divide the two keys
contained within each SLN into two groups, active keys and inactive keys, based on the
currently active keyset setting.
Keyset Changeover - The process used to switch the active keyset setting on a subscriber
unit to the currently inactive keyset so that the keys in the newly inactive keyset can be
replaced without interrupting encrypted communication.
unit to the currently inactive keyset so that the keys in the newly inactive keyset can be
replaced without interrupting encrypted communication.
Key Loader - Any type of device used to load encryption keys into a radio. With OTAR,
this device must be used to provide the initial key loading of a subscriber unit so that it
contains the basic keys needed for OTAR by the KMF. If OTAR is not used, it is always
used to load encryption keys. All keys stored in the key loader are themselves encrypted.
EFJohnson offers a PDA-based keyloader.
this device must be used to provide the initial key loading of a subscriber unit so that it
contains the basic keys needed for OTAR by the KMF. If OTAR is not used, it is always
used to load encryption keys. All keys stored in the key loader are themselves encrypted.
EFJohnson offers a PDA-based keyloader.
Logical Link ID (LLID) - An ID transmitted with a CAI data message to identify the
destination of the message.
destination of the message.
Message Number Period (MNP) - The maximum difference between message numbers
that can occur before a message is declared invalid (see Section 10.4.4).
that can occur before a message is declared invalid (see Section 10.4.4).
Over-The-Air-Rekeying (OTAR) - The process of sending new encryption keys over the
air using an RF interface.
air using an RF interface.
Red - Refers to information that is not encrypted. The opposite is “Black”.