Method To Rekey An Encrypted Radio Using The Internet, OTIR (Over-The-Internet-Rekeying)

IP.com Disclosure Number: IPCOM000004670D
Original Publication Date: 2001-Mar-28
Included in the Prior Art Database: 2001-Mar-28
Document File: 1 page(s) / 21K

Publishing Venue

Motorola

Related People

Doug Bank: AUTHOR [+3]

by Doug Bank, Ken Fuchs, Ron Shaffer

This paper describes a new method for securely delivering encryption keys to subscribers of an LMR (Land Mobile Radio) system.

When an encrypted LMR user needs new encryption keys for their subscriber radio, they typically get them from one of two sources. In the first method, a KVL (Key Variable Loader), which is a handheld device, loads new keys directly into the subscriber. In the second method, a KMF (Key Management Facility) sends OTAR (Over The Air Rekey) messages to supply new keys to the subscriber. The OTAR messages are encrypted Key Management Messages (KMMs) that essentially contain the new key information.

A problem arises when users cannot get new keys because they are outside the range of their system (or they don't have a KMF), so they cannot receive OTAR messages, AND they do not have a KVL (because KVLs are bulky, expensive, and not readily available to every user).

The idea involves sending the encrypted KMM via the internet, either by email or through a secure website. The user would access the internet with his laptop PC to retrieve the KMM. The user would then insert into his PC a PCMCIA card that has a subscriber key-fill connector on the other side (the PCMCIA/Key-Fill Interface Device). Then the user would run an application on the PC that sends the KMM out the PCMCIA slot (using the KVL protocol), and the PCMCIA/Key-Fill Interface Device would transfer the message to the subscriber just as if it were coming directly out of a KVL. If any acknowledgements are required, the application running on the PC would read them and forward them to the KMF via an email message or HTTP.
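In the flow above, the PC and the internet path only carry the KMM; they are not part of the key hierarchy. The following is an added example, not code from the disclosure and not the real KMM or KVL protocol format: it assumes a constructed message layout (radio id, sequence number, encrypted key blob) and a hypothetical per-radio HMAC key shared by the KMF and the subscriber, and shows the PC application forwarding the opaque KMM and the acknowledgement while the radio rejects altered or replayed messages.

```python
import hashlib, hmac, struct

HDR = struct.Struct(">IQ")   # constructed layout: radio id, sequence number
TAG_LEN = 32                 # HMAC-SHA256 tag appended to every message

def _tag(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

class KMF:
    """Key Management Facility side: issues KMMs, checks returned acks."""
    def __init__(self, mac_key):
        self.mac_key, self.seq, self.acked = mac_key, 0, set()

    def build_kmm(self, radio_id, encrypted_keys):
        self.seq += 1
        body = HDR.pack(radio_id, self.seq) + encrypted_keys
        return body + _tag(self.mac_key, b"KMM", body)

    def accept_ack(self, ack):
        if len(ack) != HDR.size + TAG_LEN:
            return False
        hdr, tag = ack[:HDR.size], ack[HDR.size:]
        if not hmac.compare_digest(tag, _tag(self.mac_key, b"ACK", hdr)):
            return False
        self.acked.add(HDR.unpack(hdr))
        return True

class Radio:
    """Subscriber side of the key-fill connector."""
    def __init__(self, radio_id, mac_key):
        self.radio_id, self.mac_key = radio_id, mac_key
        self.last_seq, self.loaded = 0, None

    def key_fill(self, kmm):
        if len(kmm) < HDR.size + TAG_LEN:
            return None
        body, tag = kmm[:-TAG_LEN], kmm[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.mac_key, b"KMM", body)):
            return None                       # altered in transit
        radio_id, seq = HDR.unpack(body[:HDR.size])
        if radio_id != self.radio_id or seq <= self.last_seq:
            return None                       # wrong radio or replayed KMM
        self.last_seq, self.loaded = seq, body[HDR.size:]
        return body[:HDR.size] + _tag(self.mac_key, b"ACK", body[:HDR.size])

def pc_relay(kmm, radio, kmf):
    """PC application: holds no key, forwards the KMM and returns the ack to the KMF."""
    ack = radio.key_fill(kmm)
    return ack is not None and kmf.accept_ack(ack)
```

The encrypted key blob stays ciphertext from the KMF to the radio; `pc_relay` never needs the MAC key or the key-encryption key to do its job.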

Another application of this solution is for a system that has a KMF, but no RF data link (voice only). These users insert their encrypted KMMs into KVLs and then must physically load keys into each subscriber in a store-and-forward approach. It would be much easier for the KMF to distribute the KMMs via the internet in the system described above.

In summary, the idea has three components: 1) an application within the KMF to support the email/internet interface, 2) an application running on the end-user's PC that handles the internet/KMM interface to the PCMCIA port using the KVL messaging protocol, 3) a physical device with a PCMCIA connector on one end and a subscriber key-fill connector on the other end.