The Onboard Crypto Management Unit (OCMU) is a high security embedded device that is used to securely and efficiently manage crypto material onboard different platforms. For key management services concerning generation, preparation, distribution and PKI features, please refer to our Cybels Key Management Centre Defence (Cybels KMC Defence) solutions.
The name OCMU refers to a range of products for onboard key management units. The OCMU comprises of two distinct products namely the Centralized Cryptographic Management Unit (CCMU) for aircraft and the Automatic Cryptographic Variable Management Unit (ACVMU) for helicopters.
Onboard Crypto Management Units allow receiving of, so called, mission relevant bulk aggregated key material and data. OCMUs can be used with land, air and naval platforms. The bulk key aggregates are generated by the Key Loading Management System (KLMS), part of the Cybels KMC Defence. They are transferred to platforms using a Data Transfer Device (DTD). OCMUs on airborne platforms are remotely controlled by the pilot via MIL-bus interfaces or controlled locally by security personnel via a front panel key pad. The Crypto Ignition Key (CIK) authorises any operation executed on the device.
The Onboard Crypto Management Units are also tamper protected while keys stored on the OCMU are additionally encrypted and secured. Emergency deletion can be triggered locally by the operator, remotely by the pilot or through sensors. Security relevant events are recorded in the audit log. The red and black key separation uses galvanic and mechanic methods to separate encrypted and unencrypted key material. Firmware updates are protected through BSI signatures. Thales’ ACVMU and CCMU are approved by the German Federal Office for Information Security (BSI) and SECAN.
Ports
- FILL port - for crypto hosts
- S111 port - for fill devices
- Crypto Ignition Key (CIK) slot - for removable user access token
- Ampenol port - for crypto hosts
- Ampenol port - for crypto host MIL-Bus
- Ampenol port - 28 Volt DC external power supply
Protocols
- DS-101 crypto material transfer, in accordance with EKMS 308 Rev F
- DS-102 Common Fill Device Interface (CFDI), in accordance with EKMS 308 Rev F
- RS-232 crypto host loading, in accordance with EKMS 603
Human-Machine Interface (HMI)
- Keypad: 9 keys
- Display: 2 x 16 characters
Temperature
- Operation: -20°C to +70°C
- Storage: -40°C to +70°C
Weight
2.5 kg
Dimensions
- Width: 146 mm
- Height: 95 mm
- Lenght: 198 mm without plugs
Power supply
28 Volt DC
Electromagnetic compatibility
According to VG-Guidelines and MIL-STD-461E
Environmental tests
- In accordance with MIL-STD-810H
- 500.3 Low pressure
- 514.4 Vibration
- 516.4 Shock - Tested for air transportation up to 10,000 m
Classification
- NATO Cosmic Top Secret
- STRENG GEHEIM (German Federal Office for Information Security (BSI))
Accredited to
- TEMPEST: SDIP 27 Level C
- COMSEC: ZDv A-960/1, BSI-Grundschutz, IT-Grundschutzerweiterung Bundeswehr, VSA
Export limitations
Controlled Cryptographic Item (CCI)
Operational security
- Operation restricted via connected user access token, Crypto Ignition Key (CIK) and passcode
- Tamper protection
- Manipulation detection label
- Power monitoring
- Emergency erasure (zeroization)
Crypto host compatibility
- Global Positioning System (GPS) - e.g. Safran GPS GADIRS
- Identification Friend or Foe (IFF) - e.g. Thales TSX 2500 Family
- Multifunctional Information Distribution System (MIDS) - e.g. Datalink MIDS JTRS
- Radio communication - e.g. Thales SEM93