Auto Keyset Changeover Based on Frequency of Use

IP.com Disclosure Number: IPCOM000004803D
Original Publication Date: 2001-Jun-05
Included in the Prior Art Database: 2001-Jun-05
Document File: 1 page(s) / 26K

Publishing Venue

Motorola

Related People

Chris A. Kruegel: AUTHOR

Abstract

Auto Keyset Changeover Based on Frequency of Use

This text was extracted from a Microsoft Word 97 document.
This is the abbreviated version, containing approximately 98% of the total text.

Keysets are a grouping of encryption keys used to simplify key management functions such as updating keys, deleting keys, or rekeying a group of keys.

In a secure two-way radio system, a keyset changeover occurs when a subscriber changes from one keyset to a different keyset. This can be accomplished in various ways:

The user can manually select the new keyset via the subscriber interface.

In an Over the Air Rekeying (OTAR) system, a keyset change command can be sent over the air to the subscriber.

An APCO OTAR Project 25 compliant Motorola Key Variable Loader (KVL) device can be used to manually select the new keyset via the KVL interface if attached to a subscriber.

If the subscriber is equipped with a clock, a time-of-day command can be used to switch to a new keyset at a certain date and time.

For security and currency reasons, it is preferred that subscribers always use the most current keyset. If a subscriber does not receive a keyset changeover command because it was turned off, out of OTAR range, etc., it will be using encryption keys from an OLD keyset and not the NEW keyset. This is not desirable. The keyset changeover was considered necessary due to a compromised key, normal security practices, etc., and it is important that all subscribers switch to the NEW keyset as soon as possible.

To help make sure this happens, a subscriber can monitor keyset usage and automatically switch to the most frequently used keyset. For example, if eight of the last ten secure calls the subscriber received used keys from a keyset that is not its currently active keyset, the subscriber could automatically make that keyset its active keyset.

It is important to monitor the frequency of keyset usage and not the frequency of key usage, because the subscriber user may stay on one channel or mode and always use the same key, just from different keysets. In this scenario, the subscriber should still switch to the more current keyset, but if it monitored the number of keys used within a keyset, it may not do so.

It is also important to monitor the frequency of keyset use per Radio ID. By monitoring this information, the subscriber can make sure that more than one user is using the NEW keyset before switching to the NEW keyset. This will prevent subscribers already on the NEW keyset from going back to an older keyset if the user that primarily keys up is still on an OLD keyset.

Automatically monitoring and switching to the new keyset will allow a subscriber to become current with other subscribers in the system. This solution will enhance the keyset changeover procedure in the event that any or all of the methods described above fail.

In an APCO Project 25 compliant system the keyset for an encryption key can be determined by using the key ID and algorithm ID sent over the air. By using the key ID and algorithm ID the subscriber can determine what keyset the key is mapped to. In a properly managed system each key will have a unique key ID and algorithm ID pair making it possible to correctly...
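The monitoring rule described above, as an added example that is not code from the original disclosure: a sliding window over the last ten received secure calls, counted per keyset and per Radio ID, with the keyset looked up from the (algorithm ID, key ID) pair. The class and function names, the two-Radio-ID minimum, and every ID value are assumptions constructed for illustration.

```python
from collections import Counter, deque

# Constructed sample data: (algorithm ID, key ID) -> keyset number.
ALG = 0x84
KEY_MAP = {(ALG, 0x0101): 1, (ALG, 0x0201): 2}  # keyset 1 = OLD, keyset 2 = NEW

class KeysetMonitor:
    """Tracks which keyset recent received secure calls used, per Radio ID."""

    def __init__(self, key_map, active, window=10, threshold=8, min_radios=2):
        self.key_map = key_map
        self.active = active
        self.window = window          # "last ten secure calls"
        self.threshold = threshold    # "eight of the last ten"
        self.min_radios = min_radios  # assumption: "more than one user" = 2 Radio IDs
        self.calls = deque(maxlen=window)  # (keyset, radio_id), oldest dropped first

    def on_secure_call(self, radio_id, alg_id, key_id):
        """Record one received secure call and return the active keyset."""
        keyset = self.key_map.get((alg_id, key_id))
        if keyset is None:
            return self.active  # pair not mapped to any held keyset: not counted
        self.calls.append((keyset, radio_id))
        if len(self.calls) < self.window:
            return self.active  # not enough history yet
        # Count keysets, not keys: one key per keyset may carry all the traffic.
        candidate, hits = Counter(ks for ks, _ in self.calls).most_common(1)[0]
        radios = {rid for ks, rid in self.calls if ks == candidate}
        if (candidate != self.active and hits >= self.threshold
                and len(radios) >= self.min_radios):
            self.active = candidate
        return self.active

def replay(active, calls):
    """Feed (radio_id, key_id) pairs to a fresh monitor; return final keyset."""
    monitor = KeysetMonitor(KEY_MAP, active)
    for radio_id, key_id in calls:
        monitor.on_secure_call(radio_id, ALG, key_id)
    return monitor.active

if __name__ == "__main__":
    # Radio on OLD keyset 1 hears two peers on NEW keyset 2 in 8 of 10 calls.
    print(replay(1, [(1001, 0x0201)] * 4 + [(1002, 0x0201)] * 4 + [(1003, 0x0101)] * 2))
    # Radio on NEW keyset 2 hears one talkative peer still on OLD keyset 1.
    print(replay(2, [(1003, 0x0101)] * 8 + [(1001, 0x0201)] * 2))
```

The second replay is the rollback case the per-Radio-ID check exists for: eight of ten calls use the OLD keyset, but all come from one Radio ID, so the radio stays on the NEW keyset.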