Browse Prior Art Database

Improved Method For OTAR Using Keyset Key

IP.com Disclosure Number: IPCOM000131210D
Original Publication Date: 2005-Nov-09
Included in the Prior Art Database: 2005-Nov-09
Document File: 2 page(s) / 46K

Publishing Venue

Motorola

Related People

Stan Knapczyk: AUTHOR

Abstract

In a secure radio system, the KMF(Key Management Controller) assigns a number of CKRs(Common Key Reference Numbers) to each radio. Each CKR contains 2 or more keys, one for each keyset. A keyset designates a set of keys for either current use or future use. So, a radio that has 10 CKRs assigned in a 2-keyset system will actually store 20 keys, 10 in keyset 1 and 10 in keyset 2. Keyset 1 may be currently designated as the active keyset and those 10 keys are used by the radio for voice and data transmissions. Keyset 2 would be the inactive keyset and the 10 keys stored in keyset 2 are designated for future use(i.e. during the next crypto period).

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 56% of the total text.

Improved Method For OTAR Using Keyset Key

By Stan Knapczyk

 
 

Related Art

In a secure radio system, the KMF(Key Management Controller) assigns a number of CKRs(Common Key Reference Numbers) to each radio. Each CKR contains 2 or more keys, one for each keyset. A keyset designates a set of keys for either current use or future use. So, a radio that has 10 CKRs assigned in a 2-keyset system will actually store 20 keys, 10 in keyset 1 and 10 in keyset 2. Keyset 1 may be currently designated as the active keyset and those 10 keys are used by the radio for voice and data transmissions.  Keyset 2 would be the inactive keyset and the 10 keys stored in keyset 2 are designated for future use(i.e. during the next crypto period).

Existing Motorola systems employ a full update operation in the KMF that works as follows: The KMF constructs and sends individually addressed Key Management Messages(or KMMs) to each of the radios in the fleet containing all of the encryption keys required by each particular radio. Depending on how many keys must be delivered to a particular radio, multiple KMMs may be required for each radio. This can result in many KMMs being required to rekey each radio in the fleet. A typical radio may be using 10 CKRs with 2 keysets. This would require that each crypto period, the KMF deliver 20 encryption keys to each radio in the system.

Furthermore, the expectation is that more keysets may be required in the future as well as encryption algorithms that utilize larger encryption keys for more security.

Invention

An improvement on this approach is to perform a Keyset Rekey. Rather than delivering all new keys for a particular keyset in a radio, the KMF delivers a single key referred to as the Keyset Key. The keyset key is then used along with the keys

stored in the previous keyset for each CKR to generate a new set of keys in the radio.

The use of a Keyset Rekey is best understood by reference to a specific illustration.  For example, take a radio that contains 4 CKRs, wherein each CKR has been provisioned with a unique independent key in keyset 1 using existing methods(refer to figure 1). The radio also contains keysets 2 thru 5 but there are curr...