Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Protected Keyset for Fast Changeover in Case of Key Compromise

IP.com Disclosure Number: IPCOM000011399D
Original Publication Date: 2003-Feb-18
Included in the Prior Art Database: 2003-Feb-18
Document File: 2 page(s) / 32K

Publishing Venue

Motorola

Related People

Gary Hunsberger: AUTHOR

Abstract

In a two way radio system consisting of radios (or system infrastructure devices) containing shared encryption key material for the purpose of protecting radio communication, a stolen radio can be used to monitor that radio communication. In this case the stolen radio’s keys must be erased remotely, or the key material that is used to protect the radio traffic must be changed to different key material that the stolen radio user cannot use to monitor the traffic.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 50% of the total text.

In a two way radio system consisting of radios (or system infrastructure devices) containing shared encryption key material for the purpose of protecting radio communication, a stolen radio can be used to monitor that radio communication.� In this case the stolen radio’s keys must be erased remotely, or the key material that is used to protect the radio traffic must be changed to different key material that the stolen radio user cannot use to monitor the traffic.

Trying to erase the keys remotely is an option in some systems, but the stolen radio must be monitoring the system at the time of the remote command and an intelligent adversary can prevent erasure from occurring.� If remote erasure is not successful or not possible on the given system, all communications devices in the system that share the same key material as that contained in the stolen radio must change what key material they use.

There are varying solutions to this problem today, but the reliable ones take a significant amount of time before trusted secure communication can be restored. This time could be on the order of hours or days on today’s two way systems depending on the size and configuration.� One example where it would be imperative to change the keys quickly would be if a radio were stolen from a Secret Service detail protecting the President.

The invention is to create a protected set of keys which cannot be activated (and thus used for communication) by the holder of the radio, but can be activated by the key manager of the system.� In the event of a known key compromise (stolen radio), the system key manager initiates a command that triggers an over the air message to any chosen radio or group of radios to change it’s active keys to the protected keys.� Then, trusted communication can continue without the stolen radio being used to listen in because the stolen radio can’t listen with those keys. In the long term, a...