Table of Contents
Advertisement
MN004527A01-AG
Chapter 2: Services and Features
2.15.4.7
Encryption MMI
A Class 2 or Class 3 radio that is involved in a clear communication provides visual and audible
indications. If enabled by the service provider, these indications indicate that the communication is not
encrypted.
2.15.4.8
Air Interface Encryption Key Storage
The radio stores all the keys, SCK/CCK/DCK/GCK, in a sealed manner in non-volatile memory of the
radio. However, they are not stored in the codeplug.
The radio supports loading of the SCK keys manually using the Key Variable Loader (KVL). By using a
special key combination, you can delete the cipher keys in the radio. Depending on configuration, you
may erase either all keys or only the short-term keys.
2.15.5
Secure DMO
The Secure Direct Mode Operation (DMO) feature guarantees key ciphered transmission in the DMO.
When DM-SCKs are provided by OTAR, you are informed in case the radio does not contain the
complete set of SDMO keys. Whenever the radio enters DMO and the radio does not possess past
and present DM-SCKs for all provisioned KAG and/or it has not yet successfully received SCK Subset
Grouping Type, SCK Subset Number and SCK-VN information from the SwMI, then the radio:
•
plays a special reject tone.
•
prompts a message indicating OTAR incomplete.
The radio provides SDMO status information to the user from the MMI DMOSCK Validity submenu
inside the Security menu (present only when configured in the codeplug):
•
DMO SCK is Valid if DMO SCK OTAR is disabled and all DM-SCKs are provided using the KVL.
•
DMO SCK is Valid if DMO SCK OTAR is enabled and the radio knows the current SCK information
and has all the corresponding past and present DM-SCKs.
•
DMO SCK is Invalid in all other cases.
The radio supports system management of SDMO keys. The radio using system managed SDMO
requires the structure of DM-SCKs used for SDMO, the current active SCK Subset Number, and
Version Number information to coordinate key schedules. The radio considers the last received variant
of this information PDU as the most accurate indication of SDMO key configuration.
DMO SCK can only be used if Enhanced Security feature is purchased.
2.15.6
End-to-End Encryption
The TETRA standard supports air encryption. The radio creates the PDU (Protocol Data Unit) and the
PDU is encrypted before transmission. The Base Station receives this PDU and must decrypt it, to
know what to do with it and where to send it. Thus, if a PDU contains voice information, the voice part
of the message has been decrypted and is now unprotected, until it is transmitted out to the caller.
48
Advertisement
Table of Contents
