E F Johnson Company 2425372 사용자 설명서
Draft
-12 5300 ES Series Mobile Radio Operating Manual
December 2006
Crypto Group - A group of up to 16 keysets containing the same type of keys (either TEK
or KEK). Although a crypto group can contain up to 16 keysets, only two are normally
used. Only one keyset in a crypto group is active at a time. EFJohnson radios currently
support only one crypto group.
or KEK). Although a crypto group can contain up to 16 keysets, only two are normally
used. Only one keyset in a crypto group is active at a time. EFJohnson radios currently
support only one crypto group.
Cryptographic Variable - The variable used by a cryptographic algorithm to encrypt a
message. Also called a “key”.
message. Also called a “key”.
Currency - Relates to the need for key updates. If a subscriber unit is current, it does not
require a key update at the current time. If it is not current, the KMF has new keys for that
subscriber unit or CKR group have not been sent or have been sent but not acknowledged.
require a key update at the current time. If it is not current, the KMF has new keys for that
subscriber unit or CKR group have not been sent or have been sent but not acknowledged.
Group Rekeying - The process of changing the keys in several subscriber units with a
single message addressed to the group rather than changing each subscriber unit
separately. This addressing is done using a group RSI. Group rekeying reduces system
overhead and makes rekeying more efficient. Subscriber units in the same group must be
programmed with a common KEK (CKEK) and use the same TEKs.
single message addressed to the group rather than changing each subscriber unit
separately. This addressing is done using a group RSI. Group rekeying reduces system
overhead and makes rekeying more efficient. Subscriber units in the same group must be
programmed with a common KEK (CKEK) and use the same TEKs.
Key - A variable used by a cryptographic algorithm to encrypt voice or data. Also called
“Cryptographic Variable”.
“Cryptographic Variable”.
Key Encryption Key (KEK) - A key used to encrypt keys contained in Key Management
Messages (KMMs) during OTAR. These messages may themselves be encrypted by the
currently active TEK. These keys can be the AES or DES type. There are KEKs unique to
a subscriber unit (UKEK) and common to a group (CKEK). The other type of key is the
Traffic Encryption Key (TEK) used to encrypt voice and data messages.
Messages (KMMs) during OTAR. These messages may themselves be encrypted by the
currently active TEK. These keys can be the AES or DES type. There are KEKs unique to
a subscriber unit (UKEK) and common to a group (CKEK). The other type of key is the
Traffic Encryption Key (TEK) used to encrypt voice and data messages.
Key ID - This is a 16-bit (four hex digit) number identifier from 1-65535 for an encryption
key which allows the key to be identified without revealing the actual key variable. This
ID and the Algorithm ID uniquely identify a key within the KMF or subscriber unit.
Therefore, two keys can have the same ID if they have different algorithm IDs and vice
versa. The Key ID and Algorithm ID are usually transmitted with a message to identify the
key that must be used to decrypt it. Key ID 0 is not used with OTAR.
key which allows the key to be identified without revealing the actual key variable. This
ID and the Algorithm ID uniquely identify a key within the KMF or subscriber unit.
Therefore, two keys can have the same ID if they have different algorithm IDs and vice
versa. The Key ID and Algorithm ID are usually transmitted with a message to identify the
key that must be used to decrypt it. Key ID 0 is not used with OTAR.
Key Management Facility (KMF) - The equipment and software which provide OTAR
and related key management services to the subscriber units.
and related key management services to the subscriber units.
Key Management Message (KMM) - These are the messages composed by the KMF to
send encryption information to subscriber units via the keyloader or OTAR. KMMs are
themselves encrypted using two layers of encryption: inner and outer. The inner layer of
encryption is the KEK and the outer layer is the TEK. At this layer, the KMMs are also
included in a Common Air Interface (CAI) message which adds another layer of
addressing. In addition, a Message Authentication Code (MAC) is used.
send encryption information to subscriber units via the keyloader or OTAR. KMMs are
themselves encrypted using two layers of encryption: inner and outer. The inner layer of
encryption is the KEK and the outer layer is the TEK. At this layer, the KMMs are also
included in a Common Air Interface (CAI) message which adds another layer of
addressing. In addition, a Message Authentication Code (MAC) is used.
Keyset - A group of keys of the same type (KEK or TEK) that are managed as a single
entity (they can be updated, deleted, and rekeyed with a single command).
entity (they can be updated, deleted, and rekeyed with a single command).
Keyset Changeover - The process used to switch a subscriber unit to another keyset so
that the unused keyset can be replaced without interrupting encrypted communication.
that the unused keyset can be replaced without interrupting encrypted communication.