The Key Loading Management System (KLMS) is a flexible crypto preparation system for various platforms and devices. The system can provide both bulk and single-key preparation. On request various Onboard Crypto Management Units (OCMUs) with different key safes can be supported.

For key management services concerning generation, distribution, loading, PKI features or a combination of all depicted segments please refer to our Cybels Key Management Centre brochure.

Main functions

  • Preparation of crypto material based on defined key header templates for dedicated crypto hosts delivered by the DTD II
  • Bulk generation for various platforms equipped with an OCMU (e.g. ACVMU, CCMU)
  • Bulk encryption capabilities for confidential transport of mission data structures to related platforms
  • Secured hardware based crypto material storage
  • Role based user management
  • Mission based key management
  • Crypto material lifetime limitation and revocation
  • Audits and notifications
  • Archiving and backup
  • Flexible offline crypto material
  • Modular software architecture (core functions, user interface, editors)
  • Two-factor authentication (based on passwords and KPE II CIK) - Adaptable to new standards

Key benefits

  • Imports crypto material from DTD or DVD
  • Stores crypto material encrypted by KPE II
  • Assigns validity to crypto material segments
  • Assembles crypto key segments according to mission scenarios and checks their availability in KLMS
  • Prepares crypto material segments with crypto host specific header data
  • Exports prepared crypto material segments to DTD for direct loading (single port loading) or for different OCMU types (bulk format)
  • Imports, views and archives, OCMU accountings or DTD audits
  • Security features such as role-based user access, audit of key operations and service updates
  • Hardened platform in accordance with the basic protection catalogue of the German Federal Office for Information Security (BSI)

Interfaces

(Exemplary for the KPE III and DTD II)

 

Ports

  • FILL port - for crypto hosts

  • Power supply port - 12 Volt DC 150mA

  • Power supply port - 9 Volt DC 150mA

  • Smart card interface

  • Optical control connector (1 Gbit/s LAN, LC-Connector

  • Crypto Ignition Key (CIK) slot - for removable user access token

Protocols

  • DS-101 crypto material transfer, in accordance with EKMS 308 Rev F
  • DS-102 Common Fill Device Interface (CFDI), in accordance with EKMS 308 Rev F
  • RS-232 crypto host loading, in accordance with EKMS 603

Human-Machine Interface (HMI)

  • Simplified status display
  • Battery status indicator
  • Keypad: 43 keys
  • Display: 6 x 20 characters

© Thales

Security characteristics

 

Classification

NATO Cosmic Top Secret

STRENG GEHEIM (German Federal Office for Information Security (BSI))

Accredited to

TEMPEST: SDIP 27 Level A

COMSEC: ZDv A-960/1, BSI-Grundschutz, IT-Grundschutzerweiterung Bundeswehr

BSI-VSA-10420

Export limitations

Controlled Cryptographic Item (CCI)

Operational security

Removable user access token, Crypto Ignition Key (CIK)

Role privileges (user, admin, maintenance)

Enhanced security measures

Tamper protection and detection

Emergency erasure (zeroization)

 

Works with