The Key Loading Management System (KLMS) is a flexible crypto preparation system for various platforms and devices. The system can provide both bulk and single-key preparation. On request, various Onboard Crypto Management Units (OCMUs) with different key safes can be supported.
For key management services concerning generation, distribution, loading, PKI features or a combination of all depicted segments, please refer to our Cybels Key Management Centre brochure.
- Preparation of crypto material based on defined key header templates for dedicated crypto hosts delivered by the DTD II
- Bulk generation for various platforms equipped with an OCMU (e.g. ACVMU, CCMU)
- Bulk encryption capabilities for confidential transport of mission data structures to related platforms
- Secured hardware based crypto material storage
- Role based user management
- Mission based key management
- Crypto material lifetime limitation and revocation
- Audits and notifications
- Archiving and backup
- Flexible offline crypto material
- Modular software architecture (core functions, user interface, editors)
- Two-factor authentication (based on passwords and KPE II CIK)
- Adaptable to new standards
- Imports crypto material from DTD or DVD
- Stores crypto material encrypted by KPE II
- Assigns validity to crypto material segments
- Assembles crypto key segments according to mission scenarios and checks their availability in KLMS
- Prepares crypto material segments with crypto host specific header data
- Exports prepared crypto material segments to DTD for direct loading (single port loading) or for different OCMU types (bulk format)
- Imports, views and archives OCMU accountings or DTD audits
- Security features such as role-based user access, audit of key operations and service updates
- Hardened platform in accordance with the basic protection catalogue of the German Federal Office for Information Security (BSI)
(Exemplary for the KPE III and DTD II)
Ports
- FILL port - for crypto hosts
- Power supply port - 12 Volt DC 150mA
- Power supply port - 9 Volt DC 150mA
- Smart card interface
- Optical control connector (1 Gbit/s LAN, LC-Connector)
- Crypto Ignition Key (CIK) slot - for removable user access token
Protocols
- DS-101 crypto material transfer, in accordance with EKMS 308 Rev F
- DS-102 Common Fill Device Interface (CFDI), in accordance with EKMS 308 Rev F
- RS-232 crypto host loading, in accordance with EKMS 603
Human-Machine Interface (HMI)
- Simplified status display
- Battery status indicator
- Keypad: 43 keys
- Display: 6 x 20 characters
| Classification | NATO Cosmic Top Secret; STRENG GEHEIM (German Federal Office for Information Security (BSI)) |
| Accredited to | TEMPEST: SDIP 27 Level A; COMSEC: ZDv A-960/1, BSI-Grundschutz, IT-Grundschutzerweiterung Bundeswehr BSI-VSA-10420 |
| Export limitations | Controlled Cryptographic Item (CCI) |
| Operational security | Removable user access token, Crypto Ignition Key (CIK); Role privileges (user, admin, maintenance); Enhanced security measures; Tamper protection and detection; Emergency erasure (zeroization) |
Works with
- Crypto Material Generation (ESE)
- Crypto Material Distribution and Management (VESUV)
- Key Processing Entity (KPE)
- Data Transfer Device (DTD)
- Onboard Crypto Management Unit (OCMU)