The Key Processing Entity (KPE III) is a high-security embedded device that stores crypto material and complements different scenarios throughout the life cycle. For an overview of all provided key management services concerning generation, preparation, loading and PKI features, please refer to the Cybels Key Management Centre Defence (Cybels KMC Defence) solutions.
KPE III provides encryption and decryption functionality for Local Management Entities (LMEs), which represent nodes of a distribution network. KPE III, the successor of KPE II, is fully backwards compatible with all functions of the KPE II. The KPE III is only sold in conjunction with the Crypto Material Distribution And Management (VESUV) system, an Electronic Key Management System (EKMS) currently used within the German Armed Forces.
The cryptographic processing is performed on the KPE III within the protected crypto core. The KPE III ensures high confidentiality of all data transmitted and at rest. The device is secured against unauthorised use through an identity management system limiting device access. The device provides three different roles for users as well as a Two-Factor Authentication (2FA) with a smart card and user password. After successful device authentication with a user’s specific smart card, all device functions (limited to the user) are accessible. Removing the smart card from the KPE III halts access to the device immediately.
The KPE III can be operated at the highest of security levels. Furthermore, the device supports bulk generation and black key single port loading when used in conjunction with a Key Loading Management System (KLMS) within the Cybels KMC Defence.
- Cryptographic capabilities to secure crypto variables and large data files
- Encryption capabilities between different encryption types (internal, transport, …)
- Generates PTG.3-conformant random variables and key types used in Cybels KMC Defence
- Extended storage space for crypto materials such as Encryption Keys
- Performance-driven crypto core and enhanced tamper protection
- Updatable crypto algorithm suite ensuring future interoperability
- Two-Factor Authentication (2FA) with smart card and user password
- Enhanced diagnostics and maintenance reports
- External interfaces: Security token, optical interface, DS-101
- Backward compatibility (EKMS 308 Rev C, DTD II)
- Functional backward compatibility with KPE II
- Crypto material handling in accordance with EKMS 308 Rev F
Ports
- FILL port - for crypto hosts
- Power supply port - 12 Volt DC 150 mA
- Smart card interface
- Optical control connector (1 Gbit/s LAN, LC-Connector)
Human-Machine Interface (HMI)
- Simplified status display
- Battery status indicator
Performance
- 2 MB/s high speed encryption for data files
- Encryption and decryption of data files up to 100 MB
Temperature
- Operation: -20°C to +70°C
- Storage: -40°C to +70°C
Dimensions
- Height: 55 mm
- Width: 160 mm
- Depth: 270 mm
Power supply
- Six 1.5 Volt AA batteries
- Optional external power supply
Electromagnetic compatibility
In accordance with VG-Guidelines and MIL-STD-461E
Environmental tests
- In accordance with MIL-STD-810H
- 500.6 Low pressure
- 501.7 High temperature
- 502.7 Low temperature
- 507.6 Humidity - Tested for air transportation up to 10,000 m
Classification
- NATO Cosmic Top Secret
- STRENG GEHEIM (German Federal Office for Information Security (BSI))
Accredited to
- TEMPEST: SDIP 27 Level B
- COMSEC: ZDv A-960/1, BSI Grundschutz, IT-Grundschutzerweiterung Bundeswehr, VSA
Export limitations
Controlled Cryptographic Item (CCI)
Operational security
- Removable user access token, smart card
- Role privileges (user, administrator and maintenance)
- Enhanced security measures