2.8.4.7
Encryption MMI
A Class 2 or Class 3 radio that is involved in a clear communication provides visual and audible
indications. If enabled by the service provider, these indications indicate that the communication is not
encrypted.
2.8.4.8
Air Interface Encryption Key Storage
The radio stores all the keys, SCK/CCK/DCK/GCK, in a sealed manner in non-volatile memory of the
radio. However, they are not stored in the codeplug.
The radio supports loading of the SCK keys manually using the Key Variable Loader (KVL). By using a
special key combination, you can delete the cipher keys in the radio. Depending on configuration, you
may erase either all keys or only the short-term keys.
2.8.5
Secure DMO
The Secure Direct Mode Operation (DMO) feature guarantees key ciphered transmission in the DMO.
When DM-SCKs are provided by OTAR, you are informed in case the radio does not contain the
complete set of SDMO keys. Whenever the radio enters DMO and the radio does not possess past
and present DM-SCKs for all provisioned KAG and/or it has not yet successfully received SCK Subset
Grouping Type, SCK Subset Number and SCK-VN information from the SwMI, then the radio:
• plays a special reject tone.
• prompts a message indicating
OTAR incomplete
.
The radio provides SDMO status information to the user from the MMI
DMOSCK Validity
submenu
inside the
Security
menu (present only when configured in the codeplug):
•
DMO SCK is Valid
if DMO SCK OTAR is disabled and all DM-SCKs are provided using the KVL.
•
DMO SCK is Valid
if DMO SCK OTAR is enabled and the radio knows the current SCK information
and has all the corresponding past and present DM-SCKs.
•
DMO SCK is Invalid
in all other cases.
The radio supports system management of SDMO keys. The radio using system managed SDMO
requires the structure of DM-SCKs used for SDMO, the current active SCK Subset Number, and
Version Number information to coordinate key schedules. The radio considers the last received variant
of this information PDU as the most accurate indication of SDMO key configuration.
DMO SCK can only be used if Enhanced Security feature is purchased.
2.8.6
SIM Security
The SIM is an integrated circuit card that holds a filing system and an application. The SIM security
feature is only available on the GMOI network.
The security of the SIM card is ensured by the means of the following security functionality groups:
• Voice End-to-End Encryption (E2EE) and related key management
• Network access parameters and authentication
• Key management for Air Interface Encryption (AIE)
• Operational Tactical Address (OPTA), modification, encryption, and transfer
• AES for E2EE of SIM Interface and SIM-Terminal Authentication
MN003465A01-AF
Chapter 2 : Services and Features
28
