Dismiss
InnovationQ/InnovationQ Plus content will be updated on Sunday, June 25, 10am ET, with new patent and non-patent literature collections. Click here to learn more.
Browse Prior Art Database

KEYSET ID ASSIGNMENT WHICH SUPPORTS INDEPENDENT CRYPTO-GROUP CHANGEOVERS

IP.com Disclosure Number: IPCOM000008997D
Original Publication Date: 1999-Jan-01
Included in the Prior Art Database: 2002-Jul-30
Document File: 2 page(s) / 113K

Publishing Venue

Motorola

Related People

Steve Vanderwerf: AUTHOR

Abstract

A customer wants to manage the encryption keys for two or more secure voice/data communica- tion groups or Crypto-Groups in an Association of Public-safety Communication Officers, Project 25 (APCO-25) system. A system administrator would assign a set of encryption keys or keyset to each group. Each keyset is identified by a Keyset ID. Each group can have their set of keys updated by an over-the-air rekeying (OTAK) service in an APCO- 25 system. With only one set of keys, the OTAR service would interrupt voice communication amongst the group as the OTAK service updates the encryption keys of its members. To minimize the interruption of voice communication, each group can be assigned multiple keysets so a quick changeover of an entire Crypto-Group from an old set of keys to a new set of keys can be done quickly with a simple change active keyset command. The OTAR service can update the keys in the old keyset, without interrupting communications of the group, and prepare the group for the next changeover event.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 50% of the total text.

Page 1 of 2

MOTOROLA Technical Developments

@

KEYSET ID ASSIGNMENT WHICH SUPPORTS INDEPENDENT CRYPTO-GROUP CHANGEOVERS

By Steve Vanderwerf

INTRODUCTION

  A customer wants to manage the encryption keys for two or more secure voice/data communica- tion groups or Crypto-Groups in an Association of Public-safety Communication Officers, Project 25 (APCO-25) system. A system administrator would assign a set of encryption keys or keyset to each group. Each keyset is identified by a Keyset ID. Each group can have their set of keys updated by an over-the-air rekeying (OTAK) service in an APCO- 25 system. With only one set of keys, the OTAR service would interrupt voice communication amongst the group as the OTAK service updates the encryption keys of its members. To minimize the interruption of voice communication, each group can be assigned multiple keysets so a quick changeover of an entire Crypto-Group from an old set of keys to a new set of keys can be done quickly with a simple change active keyset command. The OTAR service can update the keys in the old keyset, without interrupting communications of the group, and prepare the group for the next changeover event.

  Independent Crypto-Groups means there is a unique set of keysets for a group. Each Crypto- Group only has one active keyset. Different Crypto- Groups can have different active keysets. Also the

rate of change of active keysets can be independent between Crypto-Groups.

PROBLEM

  In an APCO-25 system, the concept of Crypto- Group and keyset are defined. A Key Management Facility (KMF) is the controlling agent which sends a changeover command to a Crypto-Group. To change the active keyset you must specify a "Superseded Keyset ID; and an Activated Keyset ID" pair. Keyset ID assignment must be the same between the KMF and secure component. If you duplicate keyset IDS across Crypto-Groups, you will have problems deciphering which active keyset to change and how to respond. Also, a keyset ID pair which crosses Crypto-Groups doesn't make sense because you would try to de-activate the active key- set of one crypto-group!and possibly making two keysets active in another crypto-group. This situa- tion breaks the idea that a Crypto-group only has one active keyset.

  In the APCO-25 OTAR system, a Keyset ID is defined as an 8 bit (1 octet) value translated into a 0 to 255 decimal value. A Crypto-Group is identified as a 4-bit value translated into 16 uniquely identified Crypto-Groups. How these Keyset IDS are assigned to Crypto-Groups is not defined.

NEW SOLUTION

  The idea is to crea...