Operating Manual
March 2008 5100 ES Models II/III Portable Radio Operating Manual 10-11
Secure Communication (Encryption)
Key Management Message (KMM) - These are the messages composed by the KMF to
send encryption information to subscriber units through the keyloader or OTAR. KMMs
are themselves encrypted using two layers of encryption: inner and outer. The inner layer
of encryption uses a KEK and the outer layer uses a TEK. Additional security measures
contained within KMMs include a Message Number (MN) and a Message Authentication
Code (MAC).
Keyset - A structure containing keys of the same type (TEK or KEK). There are two TEK
keysets, Keyset 1 and Keyset 2, and one KEK keyset, Keyset 255. Only one of the two
TEK keysets is active at a given time. This provides a way to divide the two keys
contained within each SLN into two groups, active keys and inactive keys, based on the
currently active keyset setting.
Keyset Changeover - The process used to switch the active keyset setting on a subscriber
unit to the currently inactive keyset so that the keys in the newly inactive keyset can be
replaced without interrupting encrypted communication.
Key Loader - Any type of device used to load encryption keys into a radio. With OTAR,
this device must be used to provide the initial key loading of a subscriber unit so that it
contains the basic keys needed for OTAR by the KMF (the KEK). If OTAR is not used, this
device is always used to load encryption keys. EFJohnson offers a PDA-based keyloader.
Logical Link ID (LLID) - An ID transmitted with a CAI data message to identify the
destination of the message.
Message Number Period (MNP) - The maximum difference between message numbers
that can occur before a message is declared invalid (see Section 10.4.4).
Over-The-Air-Rekeying (OTAR) - The process of sending new encryption keys over the
air using an RF interface.
Red - Refers to information that is not encrypted. The opposite is “Black”.
Rekey - The process of preparing, sending, and loading encryption keys into a subscriber
unit for current or future use. This may be done over-the-air (OTAR) or by directly
connecting a keyloader to the subscriber unit.
Radio Set Identifier (RSI) - Subscriber units are programmed with one or two Radio Set
Identifier (RSI) numbers that identify the unit for OTAR purposes. The RSI can be unique
to an individual subscriber unit or unique to a group of subscriber units. An individual
(unit) RSI is always assigned and a group RSI may be assigned. The individual RSI is
typically programmed when the subscriber unit is initially brought into service. The KMF
is also identified by an RSI (KMFRSI) to use as the destination of any KMMs a subscriber
unit originates. The KMMs (Key Management Messages) generated by the KMF (Key
Management Facility) are addressed to a specific RSI.
Storage Location Number (SLN) - A link to a specific TEK in a given keyset. A given
SLN can contain two keys, one for the active keyset and one for the inactive keyset. SLNs
and CKRs are equivalent terms (see Section 10.2).
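
The Keyset, Keyset Changeover and SLN entries above describe one mechanism, sketched here as an added example that is not part of the manual or of any radio firmware. The class and method names are hypothetical, the key bytes are constructed samples, and the check that refuses a changeover when an SLN has no key in the target keyset is an assumption, not something the manual states.

```python
# Added illustration: toy model of the SLN / keyset / changeover glossary terms.
# All names are hypothetical; key bytes are constructed sample values.
from dataclasses import dataclass, field

TEK_KEYSETS = (1, 2)  # the two TEK keysets; keyset 255 (KEK) is not modeled


@dataclass
class TekStore:
    active: int = 1                            # currently active TEK keyset
    slots: dict = field(default_factory=dict)  # (sln, keyset) -> key bytes

    @property
    def inactive(self) -> int:
        return 2 if self.active == 1 else 1

    def load(self, sln: int, keyset: int, key: bytes) -> None:
        if keyset not in TEK_KEYSETS:
            raise ValueError("TEKs belong to keyset 1 or 2 only")
        self.slots[(sln, keyset)] = key

    def traffic_key(self, sln: int) -> bytes:
        """Resolve an SLN to the key it holds in the active keyset."""
        return self.slots[(sln, self.active)]

    def changeover(self) -> None:
        """Make the inactive keyset active (assumed check: no SLN left keyless)."""
        target = self.inactive
        all_slns = {s for s, _ in self.slots}
        missing = sorted(all_slns - {s for s, k in self.slots if k == target})
        if missing:
            raise RuntimeError(f"keyset {target} has no key for SLNs {missing}")
        self.active = target


def demo() -> list:
    """Return the key SLN 5 resolves to after each step of a rekey cycle."""
    store = TekStore()
    store.load(5, 1, b"OLD-KEY-SLN5")
    seen = [store.traffic_key(5)]
    store.load(5, store.inactive, b"NEW-KEY-SLN5")   # staged in keyset 2
    seen.append(store.traffic_key(5))                # traffic still uses keyset 1
    store.changeover()                               # keyset 2 becomes active
    seen.append(store.traffic_key(5))
    store.load(5, store.inactive, b"NEXT-KEY-SLN5")  # keyset 1 now replaceable
    seen.append(store.traffic_key(5))                # traffic unaffected again
    return seen
```

Staging a key in the inactive keyset never changes what `traffic_key` returns; only `changeover` does, which is why keys can be replaced without interrupting encrypted traffic.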