Browse Prior Art Database

Reduced Messaging for Indexset Changeovers for OTAK

IP.com Disclosure Number: IPCOM000030964D
Original Publication Date: 2004-Sep-02
Included in the Prior Art Database: 2004-Sep-02
Document File: 2 page(s) / 32K

Publishing Venue

Motorola

Related People

Chris A. Kruegel: AUTHOR

Abstract

Key management in a two-way radio system can be a challenging and time consuming task, especially in large systems. Over the Air Key Management (OTAK) is an effective method of maintaining and updating encryption keys in a two-way radio system. As with any task, there is a continued desire to improve the efficiency of the key management process. This is especially true when there is a large number of radios or end devices that are key managed in a two-way radio system. It is desirable for key management to be as unobtrusive as possible to other services offered in a two-way radio system. The more efficient the key management service is, the better the performance of the two-way radio system for key management and other services.

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 55% of the total text.

Reduced Messaging for Indexset Changeovers for OTAK

By Chris A. Kruegel

 
 

Key management in a two-way radio system can be a challenging and time consuming task, especially in large systems.  Over the Air Key Management (OTAK) is an effective method of maintaining and updating encryption keys in a two-way radio system.  As with any task, there is a continued desire to improve the efficiency of the key management process.  This is especially true when there is a large number of radios or end devices that are key managed in a two-way radio system.  It is desirable for key management to be as unobtrusive as possible to other services offered in a two-way radio system.  The more efficient the key management service is, the better the performance of the two-way radio system for key management and other services.

One area of performance improvement for OTAK is to reduce the number of messages required when adding and activating a group of keys (an indexset) that are valid for the same length of time (crypto period) in a large number of radios.  TETRA OTAK recommends using one message to a radio for delivering encryption keys and another message for activating the keys.  It would be desirable to accomplish this in fewer messages to the radio, especially when there is a large fleet of radios to be updated.

TETRA OTAK allows for the activation of individual keys either in one command as the key is loaded or through the use of a separate command. Activation of an indexset is provided using a dedicated key management message (KMM) that is different than the KMM used to load the keys. While using this separate command accomplishes the goal of activating the indexset, it requires extra system resources and time to do so, thus putting a burden on key management and overall system

performance. This is especially noticeable if a large group of radios needs to be updated.

Within the KMM used to load keys there is an available “active” flag whose specific use is left to implementation by the manufacturer.  This “active” flag can be used to reduce the number of KMMs needed to add keys and activate an indexset in a fleet of radios.  This can be accomplished by applying the state of the “active” flag, which is present in the structure of every key loaded using this KMM, to all the keys in the same indexset.    Thus, when a radio sees this flag set to “active” for a given key, the radio will activate all keys in that indexset. If the flag is not set, there is no change in the active indexset for any of the keys within the radio.  By using this flag in this manner there is no need to send an additional message to the radio just to activate the new indexset.

For example, the f...