Encryption Mobility - Motorola MTP850 S Product Information Manual

44 | Services and Features
• Group OTAR of fallback TM-SCK.
• Group OTAR of DM-SCK, including management of the cryptographic schedule of DM-SCKs.
The group OTAR mechanisms require a use of the group session key for OTAR (GSKO). The GSKO is delivered to
the radio only by using individual OTAR and the session key for OTAR (KSO).
For the systems utilizing group OTAR, the fundamental system operation (with respect to SCK/GCK OTAR) relies
on the sites regular transmission. In other words, the sites are regularly broadcasting information regarding which
security class and associated keys are in use. The sites transmit future versions of the respective keys to groups of
radios belonging to the same cryptographic management group (CMG). The radios acquire the keys before the SwMI
activates them. Then the air interface encryption service uses the keys. The sites also broadcast the current key that is
in use which can be sent using OTAR mechanism to the radio on request.
Note: When a radio has not received a new key before activation by the SwMI, the radio requests the
missing keys.
Some systems adopt only individual OTAR methods for delivery of SCK and GCK to the radio. In such cases GSKO
is not used. Some systems employ a mix of individual and group OTAR methods. The radio supports the complement
to functionality required for supporting the superset of different SwMI behaviors, for example:
• Individual OTAR (using KSO) of SCK and GCK.
• Group OTAR (using GSKO) of SCK and GCK.
• Individual OTAR (using KSO) of GSKO.
• Secure DMO Key Management (via SwMI).
• Crypto Management Group.
• Storage of 10 KAG (equivalent to 30 DM-SCK).
• Storage of 16 GCK (includes current/future versions).
• Storage of 2 TM-SCK.
• Storage of Group Association attribute per Talkgroup.
• GCK Air Interface Encryption.
• Seamless key changes of GCK.
• Seamless security class changes to SC3G.
The SwMI can support the group OTAR feature. Where supported, the SwMI groups radios that share the same set of
cryptographic key material into a specific crypto management group (CMG). Any radio belonging to the same CMG
is addressed using a CMG GTSI. The primary purpose of the addressing is to transmit group OTAR messages
conveying TM-SCK, DM-SCK and/or GCK. Any radio that supports TM-SCK group OTAR, DM-SCK group OTAR
or GCK group OTAR is assigned to a specific CMG.
Each CMG has a designated specific GSKO. The system deploys over the air a CMG GSKO (and CMG GTSI) to
each radio belonging to the CMG. The GSKO is used as the sealing key for TM-SCK, DM-SCK, and GCK, when
sent across the air interface. The SwMI can perform scheduled transmissions of the future TM-SCK addressed to each
CMG. The radio requesting a TM-SCK triggers the site to schedule additional transmissions of the requested TM-
SCKs. These transmissions are addressed to either the CMG GTSI that the radio belongs to or its ITSI.
The SwMI can perform scheduled background transmissions of the future GCKs addressed to each CMG. The radio
requesting for a given GCK triggers the site to schedule additional transmissions of the current and the future versions
associated of the requested GCK. These transmissions are addressed to either the CMG GTSI that the radio belongs to
or its ITSI.
The SwMI can perform scheduled background transmissions of the current and the future DM-SCK addressed to each
CMG. The radio requesting for a DM-SCK triggers the site to schedule additional transmissions of the requested DM-
SCK. These transmissions are addressed to either the CMG GTSI that the radio belongs to or its ITSI.

Encryption Mobility

A Class 2 or Class 3 radio can operate on a lower class SwMI (depending on configuration). A radio that is
provisioned not to allow operation on a lower class SwMI, does not register on such a cell.
Send Feedback | | 68015000878-G