STE User’s Manual, Rel. 2.6, TPA Functions, page 4-3
as a User or as a Carry Card, but contains no keys. May be able to make non-secure calls, but
cannot make secure calls.
The FORTEZZA PLUS KRYPTON™ ENHANCED CRYPTOCARD can be in either one of two functions,
“Carry” or “TPA”:
1. Carry – Either a Fill or a User card that contains only the “B” split of a user card that can
be carried to another STE for association. See Paragraph
2. TPA – Either a Fill or a User card authorized to make security changes in the STE. See
Paragraph
4-2.1.1 Fill Card
A “Fill Card” is a Crypto Card received from the Central Facility containing all algorithms and keys a STE
needs for secure operations. Keys can be operational, test, or seed crypto keys.
Fill Cards containing operational keys are classified at the level of the keys and must be accounted for and
safeguarded at the level of their classification.
Fill Cards containing only test and seed keys are unclassified. The seeds must be converted to
operational keys after the card is associated with a STE.
Fill Cards contain both CIK Splits (Split A and Split B). Splits can be compared to a two-part key, where
one part will be left in a STE and the other will remain on the Crypto Card. This separation occurs when
the Fill Card is associated with a STE and becomes a User Card. When both parts of a CIK split are
contained on the card, it is “unlocked”. If the “unlocked” card contains operational keys, it is classified at
the level of the keys. If the “unlocked” card contains seed or test keys, it is unclassified. If only one part
of a specific CIK is contained on the card, it is “locked” and unclassified. A Fill Card can serve or function
as a TPA Card or a Carry Card, which will be described later.
4-2.1.2 User Card
A “User Card” is a Fill Card that has been “associated” with a STE by that STE’s TPA. The User Card
contains only the “A” split of the CIK. The “B” split has been removed and is stored in the STE. Because
association has removed one of the splits, the card is no longer classified and is said to be “locked” and
unclassified. Now the User Card only needs to be accountable by serial number. Without the User Card
being inserted in the associated STE, the STE is also unclassified. When the User Card is inserted in the
associated STE, both CIK splits are available. The User Card is now “unlocked” and classified at the
level of the key contained. The STE is also classified at the same level. With the User Card inserted in
the STE, secure calls can be placed at the security level established by key and allowed by the TPA. A
User Card can function as a TPA or Carry Card, which will be described later. The procedure to convert a
Fill Card to a User Card is provided in Paragraph . The User Card can serve or function as a TPA
Card and a Carry Card, which will be described later.
4-2.2 TPA Card
A Fill or User Crypto Card should be designated as the “TPA Card” or “TPA” for a specific STE or a group
of STEs within a facility, as directed by the System Administrator or Security Officer. A TPA Card can be
used to control the security features for any number of STEs.
A TPA is always the first Crypto Card inserted in a STE in the factory default or zeroized state. When the
card is inserted, it is “assigned” to the STE, meaning the TPA Card’s serial number has been registered in
the STE (there is no CIK). Only one card may serve as the STE’s TPA. The TPA is the only card that will
allow changes to be made to security settings. A TPA must be established on each STE as described
herein.
1. After the STE has been powered up and the self-test completed, insert the crypto card that has
been designated as the “TPA Card” into the CRYPTO CARD SLOT at the front of the STE.
Position the card so the side with the arrow is facing up and pointing toward the STE. Firmly
push the card into the STE until the CRYPTO CARD EJECTOR BUTTON pops out and the
CARD INSERTED indicator on the front panel glows.
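The card handling rules in Paragraphs 4-2.1.1 through 4-2.2, traced through one card's lifecycle as an added example that is not part of the manual. The class and function names, the serial numbers, the "SECRET" label and the `authorized_by` argument (standing in for the TPA's authorization) are hypothetical modelling choices.

```python
from dataclasses import dataclass, field

@dataclass
class Card:
    serial: str
    key_type: str        # "operational", "test" or "seed"
    key_level: str       # classification level of the keys (constructed label)
    splits: set = field(default_factory=lambda: {"A", "B"})  # Fill Card: both splits

@dataclass
class STE:
    tpa_serial: str = None                      # None = factory default or zeroized
    stored_b: set = field(default_factory=set)  # serials whose "B" split is held here
    inserted: Card = None

    def insert(self, card):
        if self.tpa_serial is None:             # first card inserted is assigned as TPA
            self.tpa_serial = card.serial       # serial registered only, no CIK involved
        self.inserted = card

    def associate(self, card, authorized_by):
        """Fill Card -> User Card: move split "B" from the card into this STE."""
        if authorized_by.serial != self.tpa_serial:
            raise PermissionError("only this STE's TPA may make security changes")
        card.splits.discard("B")
        self.stored_b.add(card.serial)

def classify(card, ste=None):
    """Return (lock state, classification) of a card, optionally inserted in an STE."""
    available = set(card.splits)
    if ste is not None and ste.inserted is card and card.serial in ste.stored_b:
        available.add("B")                      # associated STE supplies the other split
    if available != {"A", "B"}:
        return ("locked", "UNCLASSIFIED")       # one split only
    if card.key_type == "operational":
        return ("unlocked", card.key_level)     # classified at the level of the keys
    return ("unlocked", "UNCLASSIFIED")         # test or seed keys

if __name__ == "__main__":
    ste, tpa = STE(), Card("TPA-0001", "test", "UNCLASSIFIED")   # constructed samples
    fill = Card("CARD-0100", "operational", "SECRET")
    ste.insert(tpa)                             # zeroized STE: this card becomes the TPA
    print(classify(fill))                       # Fill Card, both splits on the card
    ste.associate(fill, authorized_by=tpa)
    print(classify(fill))                       # User Card outside its STE
    ste.insert(fill)
    print(classify(fill, ste))                  # User Card in its associated STE
```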