The Key Loading Management System (KLMS) is a flexible crypto preparation system for various platforms and devices. The system can provide both bulk and single-key preparation. On request various Onboard Crypto Management Units (OCMUs) with different key safes can be supported. It comprises of the high security embedded devices, KPE II, DTD II and an ruggedised laptop as well as a printer.

For key management services concerning generation, distribution, loading and PKI features please refer to our Cybels Key Management Centre Defence (Cybels KMC Defence) solutions.

© Thales

Main functions

  • Preparation of crypto material based on defined key header templates for dedicated crypto hosts delivered by the DTD II
  • Bulk generation for various platforms equipped with an OCMU (e.g. Automatic Crypto Variable Management Unit (ACVMU) [For Helicopters] and Centralized Crypto Management Unit (CCMU) [For Aircrafts])
  • Bulk encryption capabilities for confidential transport of mission data structures to related platforms
  • Secured hardware based crypto material storage
  • Role based user management
  • Mission based key management
  • Crypto material lifetime limitation and revocation
  • Audits and notifications
  • Archiving and backup
  • Flexible offline crypto material
  • Modular software architecture (core functions, user interface, editors)
  • Two-factor authentication (based on passwords and KPE II CIK) - Adaptable to new standards

Key benefits

  • Imports crypto material from DTD or DVD
  • Stores crypto material encrypted by KPE II
  • Assigns validity to crypto material segments
  • Assembles crypto key segments according to mission scenarios and checks their availability in KLMS
  • Prepares crypto material segments with crypto host specific header data
  • Exports prepared crypto material segments to DTD for direct loading (single port loading) or for different OCMU types (bulk format)
  • Imports, views and archives, OCMU accountings or DTD audits
  • Security features such as role-based user access, audit of key operations and service updates
  • Hardened platform in accordance with the basic protection catalogue of the German Federal Office for Information Security (BSI)

© Thales

Interfaces*

Ports

  • FILL port - for crypto hosts

  • Power supply port - 12 Volt DC 150mA

  • Power supply port - 9 Volt DC 150mA

  • Optical control connector (1 Gbit/s LAN, LC-Connector

  • Crypto Ignition Key (CIK) slot - for removable user access token

Protocols

  • DS-101 crypto material transfer, in accordance with EKMS 308 Rev F
  • DS-102 Common Fill Device Interface (CFDI), in accordance with EKMS 308 Rev F
  • RS-232 crypto host loading, in accordance with EKMS 603

Human-Machine Interface (HMI)

  • Simplified status display
  • Battery status indicator
  • Keypad: 43 keys
  • Display: 6 x 20 characters

 

*(Exemplary for the KPE II and DTD II)

© Thales

Security characteristics*

Classification

  • NATO Cosmic Top Secret
  • STRENG GEHEIM (German Federal Office for Information Security (BSI))

Accredited to

  • TEMPEST: SDIP 27 Level A
  • COMSEC: ZDv A-960/1, BSI-Grundschutz, IT-Grundschutzerweiterung Bundeswehr
  • BSI-VSA-10420

Export limitations

Controlled Cryptographic Item (CCI)

Operational security

  • Removable user access token, Crypto Ignition Key (CIK)
  • Role privileges (user, administrator and maintenance)
  • Enhanced security measures
  • Tamper protection and detection
  • Emergency erasure (zeroization)

 

*(Exemplary for the KPE II and DTD II)

    Works with

    Documents
    Contact
    Thales Deutschland GmbH
    de-td-crypto-solutions@thalesgroup.com