Publishing Venue
Motorola
Related People
Authors:
Paul Wadzinske
•
Michelle Chang
Abstract
In APCO OTAR, the unique Key Encryption Key (UKEK) or Radio Set Identifier (RSI) that an individual unit has can become out of sync with the UKEK or RSI that the Key Management Facility (KMF) believes that the unit possesses. This scenario occurs when a radio has been successfully sent a new UKEK or RSI, but an OTAR acknowl- edgment to the rekey or change RSI command is not successfully received by the KMF. The acknowledgment coming back to the KMF can collide with other inbound traffic and be prevented from reaching the KMF.
Page 1 of 2
0 M MO-LA
Technical Deve1opment.s
KEK AND RSI RESYNCHRONIZATION
by Paul Wadzinske and Michelle Chang
INTRODUCTION AND PRIOR ART
In APCO OTAR, the unique Key Encryption Key (UKEK) or Radio Set Identifier (RSI) that an individual unit has can become out of sync with the UKEK or RSI that the Key Management Facility (KMF) believes that the unit possesses. This scenario occurs when a radio has been successfully sent a new UKEK or RSI, but an OTAR acknowl- edgment to the rekey or change RSI command is not successfully received by the KMF. The acknowledgment coming back to the KMF can collide with other inbound traffic and be prevented from reaching the KMF.
KMF Radio
not recognize the one sent to it from the KMF.
SOLUTION
This invention will prevent the above scenario from occurring. We will use the UKEK example to illustrate its operation. When the user changes a unit's UKEK, the KMF remembers the UKEK that it thinks the radio currently possesses, i.e. "current UKEK" as well as the new UKEK assigned to the radio, i.e "latest UKEK." When the KMF is updating the radio's UKEK, it will keep track of whether or not the radio successfully acknowledged the new UKEK. If it did, the KMF will update the radio's "current UKEK" to be equal to the "latest UKEK." Otherwise, it will keep these two values separate.
When the user performs a subsequent rekey operation on the radio, the KMF will first of all determine if the radio's "current UKEK" is equal to the "latest UKEK." If it is, the KMF will perform the Traffic Encrypt...
