Page 3 No part of this document may be reproduced, transmitted, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, without the prior written permission of Motorola Solutions, Inc. Furthermore, the purchase of Motorola products shall not be deemed to grant either directly or by implication, estoppel or otherwise, any license under the copyrights, patents or patent applications of Motorola, except for the normal nonexclusive, royalty-free license to use that arises by operation of law in the sale of a product.
Page 5 Document History Version Description Date 6871018P35-A Original release of the KVL 4000 Key Variable May 2010 Loader Advanced SECURENET User Guide 6871018P35-B Updated as follows: November 2010 • Added the following sections: – “Performing the OS Hardening” – “Unlocking the Operator Account”...
Page 6 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Version Description Date • “Selecting the Password Masking Mode” • “Managing Encryption Keys” • “Loading Keys into Target Devices” • “KVL 4000 Disaster Recovery” • “Troubleshooting KVL Application and/or VPN Software Failure”...
Page 7 Document History Version Description Date • “Applying Transparent Security Settings Through the KVL Software Installation Wizard” • “Exiting the KVL Application”...
Page 9 2.1.4.4 Selecting the Password Masking Mode ................2-11 2.2 KVL 4000 System-Dependent Parameters ................... 2-11 2.2.1 KVL 4000 – Switching Between the Modes of Operation .............. 2-11 2.2.2 Setting the Baud Rate for RS-232 Communication ............... 2-12 2.2.3 Changing the FIPS Mode ......................2-13 2.2.4 Managing the System Key (DVI-XL Only).................
Page 10 KVL 4000 Key Variable Loader Advanced SECURENET User Guide 4 Loading Keys into Target Devices ......................... 4-1 4.1 Loading Traffic Keys......................... 4-1 4.2 Loading Shadow Keys ........................4-4 4.3 Loading a Macro ..........................4-7 5 Managing Keys in Target Devices ......................... 5-1 5.1 Removing Keys from Target Devices....................
Page 11 List of Figures Figure 1-1 KVL 4000 Key Variable Loader ....................1-2 Figure 1-2 Personal Digital Assistant (PDA) ....................1-3 Figure 1-3 Security Adapter – Ports and Interfaces ..................1-5 Figure 1-4 KVL Main Screen ........................1-8 Figure 1-5 PDA and PC – Connected ......................1-10 Figure 1-6 PDA and Security Adapter –...
Page 12 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Figure 9-7 Assembling USB Clip ........................ 9-9 Figure 9-8 Assembling Foam Pad........................ 9-9 Figure 9-9 Assembling O-Ring ......................... 9-10 Figure 9-10 Assembling Front Housing – PCB ....................9-10 Figure 9-11 Assembling Front Housing – Connectors ..................9-11 Figure 9-12 Assembling Front Housing –...
Page 13 PDA Controls and Ports Used in the KVL Operation................ 1-3 Table 1-2 Security Adapter Ports and Interfaces .................... 1-5 Table 1-3 Sounds Played by the KVL 4000 ....................1-7 Table 9-1 User Entry Errors ........................9-1 Table 9-2 Operational Errors ........................9-3 Table 9-3 KVL 4000 Disaster Recovery ......................
Page 15 2.1.4.3 — Clearing KVL Passwords............................2-10 2.1.4.4 — Selecting the Password Masking Mode ........................2-11 2.2.1 — KVL 4000 – Switching Between the Modes of Operation ..................2-11 2.2.2 — Setting the Baud Rate for RS-232 Communication....................2-12 2.2.3 — Changing the FIPS Mode............................2-13 2.2.4.1 —...
Page 16 KVL 4000 Key Variable Loader Advanced SECURENET User Guide 6.1 — Sharing a Single Key ...............................6-1 6.2 — Sharing a Macro and Associated Keys ..........................6-3 6.3 — Sharing All Keys and All Macros............................6-4 7.2 — Accessing Log Records..............................7-1 7.3 — Clearing Log Records ..............................7-2 7.4 —...
Page 17 About the KVL 4000 Key Variable Loader Advanced SECURENET User Guide This manual provides step-by-step instructions for using the Key Variable Loader (KVL) to create and store encryption keys, and then load them into other Motorola secure equipment, such as radios, fixed encryption units, digital interface units (DIUs), and others.
Page 18 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Related Information Purpose Standards and Guidelines for Provides standards and guidelines that should Communication Sites be followed when setting up a Motorola communications site. Also known as R56 manual. This may be purchased on CD 9880384V83, by...
Page 19 (iii) in strict accordance with this Agreement. 3.3 You may install and use the Products on a single Motorola PDA and KVL 4000 security adapter, provided that the use is in conformance with the terms set forth in this Agreement.
Page 20 KVL 4000 Key Variable Loader Advanced SECURENET User Guide transportable part of the Products to a PC hard disk, provided you keep the original solely for back-up purposes. If the Documentation is in printed form, it may not be copied. If the Documentation is in electronic form, you may print out 1 copy, which then may not be copied.
Page 21 7. Payment 7. Payment The rights granted hereunder are contingent upon payment for the Product. All payments are due next 30 days from the date of the invoice. 8. Transfer In the case of Software designed to operate on Motorola equipment, you may not transfer the Software to another party except: (i) if you are an end-user, when you are transferring the Software together with the Motorola equipment on which it operates;...
Page 22 KVL 4000 Key Variable Loader Advanced SECURENET User Guide 12. Disclaimer EXCEPT FOR THE ABOVE EXPRESS LIMITED WARRANTY, MOTOROLA DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR IN ANY COMMUNICATION WITH YOU. MOTOROLA SPECIFICALLY DISCLAIMS ANY WARRANTY INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILTY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.
Page 23 16. Term of License 16. Term of License Your right to use the Products will terminate immediately without notice upon a breach of this Agreement by you. Within 30 days after termination of this Agreement, you will certify to Motorola in writing that through your best efforts, and to the best of your knowledge, the original and all copies, in whole or in part, in any form, of the Software and all related material and Documentation, have been destroyed, except that, with prior written consent from Motorola, you may retain one copy for archival or backup purposes.
Page 25 The Motorola Solutions Software that may be included on this media, or included in the Motorola Solutions Product, is Copyright (c) by Motorola Solutions, Inc., and its use is subject to the licenses, terms and conditions of the agreement in force between the purchaser of the Motorola Solutions Product and Motorola Solutions, Inc.
Page 26 KVL 4000 Key Variable Loader Advanced SECURENET User Guide PUBLICLY AVAILABLE SOFTWARE LIST – KVL SOFTWARE INSTALLATION WIZARD Name: RAPI2 Version: Description: A managed wrapper to access the features exposed by the COM interfaces for the Remote API 2. These classes allow the developer to access information, files, and the registry on a device connected through ActiveSync from desktop applications.
Page 27 PUBLICLY AVAILABLE SOFTWARE LIST – PDA Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Page 28 KVL 4000 Key Variable Loader Advanced SECURENET User Guide THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Page 29 PUBLICLY AVAILABLE SOFTWARE LIST – SECURITY ADAPTER You may NOT decompile, disassemble, reverse engineer or otherwise attempt to extract, generate or retrieve source code from any compiled binary provided in the SOFTWARE. You will (a) NOT use OpenNETCF's name, logo, or trademarks in association with distribution of the SOFTWARE or derivative works unless otherwise permitted in writing;...
Page 30 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Software Site: http://www.openbsd.org License: The utilized Code is under BSD Type of License Author: Tatu Ylonen <ylo@cs.hut.fi> Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland All rights reserved. Functions for manipulating fifo buffers (that can grow if needed).
Page 31 PUBLICLY AVAILABLE SOFTWARE LIST – SECURITY ADAPTER Source Code: No Source Code Distribution Obligations License: The utilized Code is under BSD and MIT Type of Licenses sccl.c, vscanf.c Copyright (c) 1990 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms, and that any documentation related to such distribution and use acknowledge that the software was developed by the University of California, Berkeley.
Page 32 KVL 4000 Key Variable Loader Advanced SECURENET User Guide PUBLICLY AVAILABLE SOFTWARE COMMON LICENSES No Common Licenses included.
Page 33 MOTOROLA COMMUNICATION PRODUCTS I. WHAT THIS WARRANTY COVERS AND FOR HOW LONG: MOTOROLA SOLUTIONS, INC. (“MOTOROLA”) warrants the MOTOROLA manufactured Communication Products listed below (“Product”) against defects in material and workmanship under normal use and service for a period of time from the date of purchase as scheduled below:...
Page 34 KVL 4000 Key Variable Loader Advanced SECURENET User Guide III. STATE LAW RIGHTS: SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES OR LIMITATION ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATION OR EXCLUSIONS MAY NOT APPLY.
Page 35 VI. PATENT AND SOFTWARE PROVISIONS: VI. PATENT AND SOFTWARE PROVISIONS: MOTOROLA will defend, at its own expense, any suit brought against the end user purchaser to the extent that it is based on a claim that the Product or parts infringe a United States patent, and MOTOROLA will pay those costs and damages finally awarded against the end user purchaser in any such suit which are attributable to any such claim, but such defense and payments are conditioned on the following: that MOTOROLA will be notified promptly in writing by such purchaser of any notice of such claim;...
Page 37 • Changing the power settings (setting the timeout for turning off the display to conserve battery power) Set up the PDA so that it turns itself off when it is not in use to preserve the KVL 4000 battery life.
Page 38 Figure 1-1 KVL 4000 Key Variable Loader 1.2.1.1 Personal Digital Assistant The Personal Digital Assistant (PDA) is the host component of the KVL 4000, responsible for controlling all operations of the device. It is a Motorola rugged handheld computer operating Windows Mobile 6.5. The PDA model used as part of the KVL 4000 is MC55A0.
Page 39 1.2.1.1 Personal Digital Assistant Figure 1-2 Personal Digital Assistant (PDA) Table 1-1 PDA Controls and Ports Used in the KVL Operation Callout Item Description Number Charging/Battery Status LED Blinks when the battery is charging; solid when the battery is charged. Touch screen Navigate through the UI by tapping or dragging items on the screen.
Page 40 (available at http://www.motorola.com/enterprisemobility/manuals). 1.2.1.2 Security Adapter The Security Adapter is an integral component of the KVL 4000, providing secure storage of encryption keys, cryptographic operations, and port access for the KVL 4000. Always make sure to exit the KVL application on the PDA before disconnecting the Security Adapter.
Page 41 1.2.1.2 Security Adapter Figure 1-3 Security Adapter – Ports and Interfaces Table 1-2 Security Adapter Ports and Interfaces Number Item Description Key load Port Serves as the interface to all target devices for key loading and upgrade operations. Tricolored LED Serves as the diagnostic status indicator for the KVL.
Page 42 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Table 1-2 Security Adapter Ports and Interfaces (cont'd.) Number Item Description USB Port Serves as the interface to all expansion adapters used by the KVL. Locking Tabs Attach the Security Adapter to the PDA and slide the two locking tabs up until they both lock into position.
Page 43 1.2.3 KVL 4000 Sounds 1.2.3 KVL 4000 Sounds Table 1-3 Sounds Played by the KVL 4000 Sound name Description attention Played for any case when your attention is needed. bad bonk Played when you enter an invalid digit when entering a value.
Page 44 KVL 4000 Key Variable Loader Advanced SECURENET User Guide • Connect the KVL to a target device, such as a radio, and transfer the key to the target device. See 1.4.4 Connecting the KVL to a Target Device, page 1-13 Chapter 4 Loading Keys into Target Devices.
Page 45 1.4.1 Applying Enhanced Security Settings Through the KVL Software Installation Wizard • 1.4.6 Launching the KVL Application, page 1-16 • 1.4.7 Exiting the KVL Application, page 1-19 1.4.1 Applying Enhanced Security Settings Through the KVL Software Installation Wizard Prerequisites: • Ensure that you have the USB Programming Cable. •...
Page 46 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Connect the PDA to a PC using the USB Programming Cable. Figure 1-5 PDA and PC – Connected Step result: For Windows XP, the ActiveSync application starts. For Windows Vista and Windows 7, the Windows Mobile Device Center starts.
Page 47 1.4.2 Applying Transparent Security Settings Through the KVL Software Installation Wizard When you have entered and confirmed the password on your PDA, click OK on the message on your PC. Step result: The Enhanced Security Settings are applied successfully. Click Next → Exit to close the KVL Software Installation Wizard. 10 Disconnect the USB Programming Cable from the PDA.
Page 48 KVL 4000 Key Variable Loader Advanced SECURENET User Guide In the window that appears, clear the check box next to Your device is using Enhanced Security Settings, and click Next. The Transparent Security Settings will be applied after the KVL application reinstallation/upgrade.
Page 49 1.4.4 Connecting the KVL to a Target Device To secure the Adapter, slide the locking tabs up fully until a click is felt indicating they are in the locked position. If either slide is not in the locked position, an orange dot is visible. Figure 1-7 PDA and Security Adapter –...
Page 50 KVL 4000 Key Variable Loader Advanced SECURENET User Guide For information on what cables/adaptors to use with particular target devices, see Table B-5 Interface Cables B KVL 4000 – Orderable Parts, page B-1. Connect the KVL and the Target Device using an appropriate key load cable and an adaptor (if required).
Page 51 Take the KVL to KVL cable (TKN8209). Connect two KVLs through their key load ports. Figure 1-9 Two KVL Units – Connected The KVL 4000 is also compatible with the previous models of the KVL. 1.4.5 Charging the KVL 4000 Prerequisites: Ensure that you have: •...
Page 52 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Connect the other end of the AC Line Cord to the power supply. Connect the power supply to the KVL through the Charging Port on the Security Adapter. Step result: The KVL starts charging. The middle LED on the PDA is blinking to indicate the KVL is being charged.
Page 53 1.4.6 Launching the KVL Application If the device is not already powered on, press the Power button on the PDA. If you reboot the device, the KVL application launches automatically. Step result: The KVL powers on and the Today screen appears. Figure 1-11 Today Screen 6871018P35-F - January 2013 1-17...
Page 54 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Tap the Key Variable Loader button. If the PDA and the Security Adapter are not compatible, a notification appears. Step result: If there are no passwords defined for your KVL, the KVL application launches and the KVL main screen appears.
Page 55 If you log on as an Administrator and there are upgrades available for the Security Adapter or a target device, the Upgrades available screen appears. For more information on upgrades, see the KVL 4000 FLASHPort Upgrade User Guide. If you log on as an Operator and enter an incorrect password 3 times, your account is locked. Wait 15 minutes to try again, or contact an Administrator to unlock your account (see 9.3 Unlocking the...
Page 56 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Procedure Steps Navigate to the KVL main screen. You can do it by pressing the End Key on the PDA (see 1.2.1.1 Personal Digital Assistant, page 1-2). Tap Exit. If you have passwords defined for your KVL, the button says Log Off instead.
Page 57 Before using your KVL to enter and load encryption keys, set several parameters that determine how the KVL operates. 2.1 KVL 4000 User Preference Parameters The user preference parameters and settings are not required for operation of the KVL, but instead provide a way of customizing certain functions to suit your individual needs.
Page 58 KVL 4000 Key Variable Loader Advanced SECURENET User Guide When and where to use: Use these steps to set the KVL screen color scheme. Figure 2-1 KVL Screen in Day Time Color Scheme (Example) Figure 2-2 KVL Screen in Night Time Color Scheme (Example)
Page 59 2.1.3 Turning Sharing On/Off Procedure Steps On the KVL main screen, select Settings → General → Color scheme. Step result: The list of color scheme options appears, with the one currently used highlighted. Tap Cancel to return to the previous screen without changing the current mode. Tap the desired color scheme.
Page 60 KVL 4000 Key Variable Loader Advanced SECURENET User Guide • converting keys • setting and changing the KVL inactivity timeout • changing FIPS mode • changing System Key • changing Sharing mode • changing Administrator password • clearing passwords • clearing log records Without password protection, all users have access to all of the KVL functions.
Page 61 2.1.4.1.2 Setting Up the Administrator Password Procedure Steps On the KVL main screen, select Settings → Security → Passwords → Define passwords → Operator. Step result: The New password and Repeat password entry fields appear. In the New password entry field, type the password of your choice using the PDA keypad. The password must contain between 15 and 30 characters, including at least 1 special character, 1 numeric character, and 1 uppercase character.
Page 62 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Procedure Steps On the KVL main screen, select Settings → Security → Passwords → Define passwords → Administrator. Step result: The New password and Repeat password entry fields appear. In the New password entry field, type the password of your choice using the PDA keypad.
Page 63 2.1.4.2.2 Changing the Operator Password (Administrator Access Level) Procedure Steps Log on as an Operator. Step result: The KVL main screen appears. Select Settings → Security → Password. Step result: The Operator screen appears, with the Current password, New password, and Repeat password entry fields.
Page 64 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Procedure Steps Log on as an Administrator. If you are prompted for upgrades, select No, not now. Step result: The KVL main screen appears. Select Settings → Security → Passwords → Update passwords → Operator.
Page 65 2.1.4.2.3 Changing the Administrator Password Procedure Steps Log on as an Administrator. If you are prompted for upgrades, select No, not now. Step result: The KVL main screen appears. Select Settings → Security → Passwords → Update passwordsAdministrator. Step result: The Current password, New password, and Repeat password entry fields. In the Current password entry field, type the current password using the PDA keypad.
Page 66 KVL 4000 Key Variable Loader Advanced SECURENET User Guide 2.1.4.3 Clearing KVL Passwords Prerequisites: Only an Administrator can clear passwords. Procedure Steps Log on as an Administrator. If you are prompted for upgrades, select No, not now. Step result: The KVL main screen appears.
Page 67 Set the parameters in this section depending on the particular system (ASN, ASTRO ® 25, or Radio Authentication) in which the KVL is operating. 2.2.1 KVL 4000 – Switching Between the Modes of Operation ® ® The KVL provides three modes of operation: ASN (Advanced SECURENET...
Page 68 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Procedure Steps On the KVL main screen, select Settings → System. Step result: A list of available modes appears (ASN, ASTRO ® 25, and Radio Authentication), with the currently used mode highlighted.
Page 69 2.2.3 Changing the FIPS Mode Procedure Steps On the KVL main screen, select Settings → General → Baud Rate. Step result: A list of available values appears, with the currently set value highlighted. You can choose from the following values: •...
Page 70 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Procedure Steps On the KVL main screen, select Settings → Security → FIPS mode. Step result: The list of available values appears, with the currently selected value highlighted. The available values are: •...
Page 71 2.2.4.1 Entering the User-Defined System Key 2.2.4.1 Entering the User-Defined System Key Prerequisites: Only an Administrator can enter the System Key. When and where to use: Instead of using the default System Key, you can enter your own System Key. Changing the System Key deletes all associated keys.
Page 72 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Procedure Steps On the KVL main screen, select Settings → Security → System Key. Tap the New > key. Step result: A Key Data Info Field and a Hex Entry Keypad appear.
Page 73 Managing Encryption Keys The Advanced SECURENET ® operating mode only supports Physical ID (PID) based key management. 3.1 Entering Encryption Keys Manually Prerequisites: Only an Administrator can enter keys. When and where to use: Use these steps to manually enter a Traffic Key or a Shadow Key into the KVL internal key database. Procedure Steps On the KVL main screen, select Manage →...
Page 74 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Tap the + button to define a new key. Select Enter manually to enter keys one by one. Select Algorithm and choose one of the algorithms from the list. Select Physical ID and type a number in 0–511 range to set the key location.
Page 75 3.2 Auto-Generating Encryption Keys On the KVL main screen, select Manage → Keys. Step result: The Manage keys screen appears. Figure 3-2 Manage Keys Screen – Entering a Key (Example) Choose if you want to enter Traffic or Shadow keys – select the appropriate tab. Tap the + button to define a new key.
Page 76 KVL 4000 Key Variable Loader Advanced SECURENET User Guide 10 Tap Done when ready. 11 Tap Generate >. Step result: A progress animation appears, indicating that the keys are being generated. When the process is completed, you return to the Manage keys screen.
Page 77 3.3.1 Creating a Macro On the KVL main screen, select Manage → Macros. Step result: The Macros screen appears with a list of available macros. Figure 3-3 Macros Screen – Creating a Macro (Example) Tap the + button to define the parameters of a new macro. You can create up to 4 macros.
Page 78 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Select Slot offset to indicate into which group of 16 target slots the keys in this macro will be loaded. You can choose from group 0 to group 63. Figure 3-4 Slot Offset Screen Select the desired group.
Page 79 3.3.1 Creating a Macro Select the desired target slot number. Each group consists of 16 slots for Traffic keys and one slot for Common Shadow Key (CSK). Step result: A screen for this slot appears. Figure 3-5 Slot Screen – Example Select the Load tab.
Page 80 KVL 4000 Key Variable Loader Advanced SECURENET User Guide 12 Tap Done when ready. Step result: The new macro is saved and appears in the list. 13 Tap Done to return to the previous screen. 14 Tap the + button to define a new macro, or tap Done to return to the KVL main screen.
Page 81 3.4 Editing Keys Locate and select the key you want to modify on the list of available keys. You can use the smart bar on the right side of the screen to scroll through the list or quickly jump within the list to a selected area.
Page 82 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Select Key. Step result: A Hex keypad appears. Figure 3-8 Enter Key Screen – Example Tap Auto to generate the key automatically, or enter the key using the Hex keypad. For DES keys only: As you enter each digit of the encryption key, the KVL checks it for validity. If you enter an invalid number, it flashes red and a bad bonk sound is played.
Page 83 3.5 Deleting Keys Prerequisites: Only an Administrator can delete keys. When and where to use: Use these steps to delete an Encryption Key. Procedure Steps On the KVL main screen, select Manage → Keys. Step result: The Manage keys screen appears. Figure 3-9 Manage Keys Screen –...
Page 84 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Tap Delete. Step result: The key has been deleted. If you want to restore the deleted key, tap Undo before leaving the confirmation screen. Tap Accept to confirm and return to the list of keys.
Page 85 Loading Keys into Target Devices You can load encryption keys into one of the following devices: • Secure ASTRO ® 25 Single Key Target Radios ® • Secure ASTRO 25 Multiple Key Target Radios • SECURENET/Advanced SECURENET Mobile Radios • SECURENET/Advanced SECURENET Portable Radios •...
Page 86 KVL 4000 Key Variable Loader Advanced SECURENET User Guide On the KVL main screen, select Load keys & macros → Load keys. Step result: The Load keys screen appears, with the Traffic tab open. Figure 4-1 Load Keys Screen – Loading a Traffic Key (Example) Connect the radio to the KVL using an appropriate key load cable.
Page 87 4.1 Loading Traffic Keys Select the key you want to load. Step result: A screen with the decimal keypad appears. Figure 4-2 PID Entry Screen – Example Enter the destination slot (PID) for this key using the decimal keypad. This screen appears only if the connected radio has more than one destination slot. The Physical ID (PID) range is dynamically generated based on a query for the radio’s capacity.
Page 88 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Tap Load now >. Step result: The key has been loaded to the desired destination. The completed sound is played and you return to the Load keys screen (the key that you have loaded now has a green check mark next to it).
Page 89 4.2 Loading Shadow Keys On the KVL main screen, select Load keys & macros → Load keys. Step result: The Load keys screen appears with a list of available Traffic keys. Figure 4-4 Load Keys Screen – Loading a Shadow Key (Example) Select the Shadow tab.
Page 90 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Select the key you want to load. Step result: The list of available destinations for the key appears. Figure 4-5 Load Shadow Key Screen – Example 6871018P35-F - January 2013...
Page 91 4.3 Loading a Macro Select the destination for this key. Choose either Load to CSK or Load to USK. If the radio has no CSK and USK slots, an error message is displayed. Step result: The key has been loaded to the desired destination. Figure 4-6 Shadow Key Loaded –...
Page 92 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Procedure Steps On the KVL main screen, select Load keys & macros → Load macros. Step result: The list of available macros appears. Figure 4-7 Load Macros Screen – Example Connect the radio to the KVL using an appropriate key load cable. (See 1.4.4.1 Connecting the KVL to a Radio...
Page 93 Managing Keys in Target Devices 5.1 Removing Keys from Target Devices KVL allows you to erase an encryption key (Traffic or Shadow) stored in a specific key slot in a secure target device, such as a radio. This feature permanently erases the encryption key currently stored in the slot. The slot is then considered to be undefined and may be used to hold another encryption key.
Page 94 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Select Traffic key. Step result: The Remove traffic key screen appears with a decimal keypad. Figure 5-2 Remove Traffic Key Screen This screen is only displayed when the radio has more than one destination slot.
Page 95 5.1.2 Removing Shadow Keys from a Target Device 5.1.2 Removing Shadow Keys from a Target Device Prerequisites: There are encryption keys in the KVL internal database. Procedure Steps Connect the radio to the KVL using an appropriate key load cable. (See 1.4.4.1 Connecting the KVL to a Radio or Another Target Device, page 1-13.)
Page 96 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Select CSK if you want to remove a Common Shadow Key, or USK if you want to remove a Unique Shadow Key. Step result: A confirmation screen appears. Figure 5-4 Remove CSK Screen Select Remove Now >.
Page 97 ® 25 mode. (To change the mode of operation, see 2.2.1 KVL 4000 – Switching Between the Modes of Operation, page 2-11.) • Only key data and macros are shared. KVL configuration settings and log records for the target KVL remain unchanged.
Page 98 KVL 4000 Key Variable Loader Advanced SECURENET User Guide On the KVL main screen, select Load keys & macros → Load keys. Step result: The list of Traffic keys appears. Figure 6-1 Load Keys Screen – Sharing a Key (Example) If you want to share a Shadow key, select the Shadow tab.
Page 99 6.2 Sharing a Macro and Associated Keys 6.2 Sharing a Macro and Associated Keys Prerequisites: There are macros in the KVL internal database. Procedure Steps On the KVL main screen, select Load keys & macros → Load macros. Step result: A list of available macros appears. Figure 6-2 Load Macros Screen –...
Page 100 KVL 4000 Key Variable Loader Advanced SECURENET User Guide 6.3 Sharing All Keys and All Macros Prerequisites: In order to share all keys and macros, the target KVL must support the same algorithms as the source KVL. • Example 1: The source KVL is equipped with DES and DVP-XL, and there is at least one key defined for each algorithm.
Page 101 Managing Log Records The KVL maintains a running record of the most recent 100 successful key load operations. The format of each log record entry on the list is as follows: • First line: Date/Time • Second line: Role/Action Performed •...
Page 102 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Procedure Steps On the KVL main screen, select Settings → Operations log. Step result: The list of log records appears. Figure 7-1 Operations Log (Example) You can scroll through the list or quickly jump to a selected area using the smart bar on the right side of the screen.
Page 103 7.3 Clearing Log Records On the KVL main screen, select Settings → Operations log. Step result: The list of log records appears. Figure 7-2 Operations Log – Clear (Example) 6871018P35-F - January 2013...
Page 104 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Select the Clear button. Step result: A confirmation screen appears. Figure 7-3 Clearing Logs – Confirmation Screen To restore the log, tap Undo. Tap Accept to confirm. Only the logs for the current mode of operation (ASN, ASTRO ®...
Page 105 7.4 Exporting Log Records to a PC Prerequisites: A communications program, such as Microsoft HyperTerminal, must be running on the PC in order to export log records. Procedure Steps Connect an appropriate cable between the KVL DB9 Port (RS-232) and a COM port on the PC. Depending on the cable type, you may need to use a gender changer.
Page 107 Converting Encryption Keys This chapter is applicable only if your KVL is configured to work in both ASN and ASTRO ® 25 modes of operation. ® If your KVL is configured to work in both ASN and ASTRO 25 modes of operation, you can convert encryption keys between these two modes.
Page 108 KVL 4000 Key Variable Loader Advanced SECURENET User Guide On the KVL main screen, select Manage → Keys. Step result: The Manage keys screen appears, with a list of available Traffic keys. Figure 8-1 Manage Keys Screen – Converting ASN Key (Example) To see the list of available Shadow keys, select the Shadow tab.
Page 109 8.3 Converting a Key from ASN to ASTRO 25 Select the desired key. Step result: A screen with details for the selected key appears. Figure 8-2 Converting to ASTRO 25 (Example) Select Convert to ASTRO25. Step result: If you have made changes to the key, you are prompted to confirm conversion. Otherwise, you are prompted to provide details for the ASTRO ®...
Page 110 KVL 4000 Key Variable Loader Advanced SECURENET User Guide If you want to convert another key, perform step 2 through step 8 for this key. Otherwise, tap Done to return to the KVL main screen. 8.4 Converting a Key from ASTRO 25 to ASN Prerequisites: Only an Administrator can convert keys.
Page 111 8.4 Converting a Key from ASTRO 25 to ASN Select the desired key. Step result: A screen with details for the selected key appears. Figure 8-4 Converting to ASN (Example) Select Convert to ASN. Step result: If you have made changes to the key, you are prompted to confirm conversion. Otherwise, a screen with the decimal keypad appears, prompting you to enter the Physical ID for the key.
Page 113 Troubleshooting 9.1 Error Messages Error messages displayed by the KVL can be divided into two types: • User Entry Errors – Displayed in response to an illegal or disallowed action (such as entering an invalid value, entering a duplicate LID, and so on). See 9.1.1 User Entry Errors, page 9-1.
Page 114 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Table 9-1 User Entry Errors (cont'd.) Error/Status Message Probable Cause Remedy Displayed when you try to load Change the destination slot for your Oops Traffic key a Traffic key to a radio that does key loading to a smaller value.
Page 115 9.1.2 Operational Errors Table 9-2 Operational Errors Error/Status Message Probable Cause Remedy Out of memory The KVL internal database is full Delete any items stored in the KVL and cannot store any more data. to make room for new data. This includes items such as unused keys and log records.
Page 116 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Table 9-2 Operational Errors (cont'd.) Error/Status Message Probable Cause Remedy Not supported by An algorithm is not supported. Check the connection to the radio and radio (Displayed as a make sure that the radio supports the key subtitle) algorithm of the key being loaded.
Page 117 • If there are three options available (USB Host, USB Client, and USB OTG), then select USB OTG to allow the KVL to auto detect whether it is connected to the Security Adapter or a PC. 9.5 KVL 4000 Disaster Recovery Table 9-3 KVL 4000 Disaster Recovery Event Remedy Hardware failure Replace the device and reenter all the lost data.
Page 118 Software Failure If you are experiencing problems with the KVL and/or NCP applications, follow “Running the KVL Software Installation Wizard” in the KVL 4000 FLASHPort Upgrade User Guide to reinstall the applications. 9.7 Disassembling the Security Adapter When and where to use: Use these steps to disassemble the Security Adapter.
Page 119 9.7 Disassembling the Security Adapter Procedure Steps Remove the self-tapping screws and then remove the back housing. Figure 9-3 Removing Back Housing Remove the dust covers from the tongue features on the front housing. Figure 9-4 Removing Dust Covers 6871018P35-F - January 2013...
Page 120 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Remove the connectors from the front housing connector holes, disconnect the 30-pins board-to-board connector from the flex to the PCB, and remove the PCB assembly from the front housing. Figure 9-5 Removing PCB Assembly Remove the USB clip from the USB connector and the foam pad from the DB-9 connector on the PCB assembly.
Page 121 9.8 Assembling the Security Adapter Attach the USB clip to the USB connector on the PCB. Figure 9-7 Assembling USB Clip Attach the foam pad on top of the DB-9 connector. Ensure that the foam pad is aligned to the middle of the DB-9 face.
Page 122 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Dress the O-ring to the O-ring groove at the back housing. Ensure that the O-ring tabs are slotted to the back housing features. Orient the O-ring so that its tabs' size matches the back housing features' size.
Page 123 9.8 Assembling the Security Adapter Slot the connectors through the front housing connector holes. Figure 9-11 Assembling Front Housing – Connectors Place the PCB assembly to the front housing. Ensure the PCB sits properly on screw bosses. Figure 9-12 Assembling Front Housing – PCB Placed 6871018P35-F - January 2013 9-11...
Page 124 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Slot in the dust cover retention holes through the tongue features on the front housing. Figure 9-13 Assembling Dust Covers Press down the back housing to the front housing vertically. Before closing the back housing, verify that the USB clip is assembled correctly.
Page 125 9.9 Contacting Motorola Tighten the back housing with the self-tapping screws (tightening torque: 7 lbf.in). Figure 9-15 Tightening Back Housing 10 Press the dust covers until they are flush with the front housing. Figure 9-16 Pressing Dust Covers Result: The assembly is complete. 9.9 Contacting Motorola This section contains information about calling Motorola for help.
Page 126 KVL 4000 Key Variable Loader Advanced SECURENET User Guide 9.9.1 Motorola System Support Center and Radio Support Center After collecting the required information and writing a detailed problem report, contact one of the following support centers to help with the problem: •...
Page 127 Appendix A: KVL 4000 – Performance Specifications Table A-1 Physical Characteristics Item Description KVL (PDA + Security Adapter) Height: 216 mm (8.5 in) Width: 84 mm (3.3 in) Depth: 39 mm (1.5 in) Weight: 473 g Table A-2 Encryption Supported Encryption Protocols 12 kbps Advanced SECURENET ®...
Page 128 KVL 4000 Key Variable Loader Advanced SECURENET User Guide In the ASN mode, the KVL GUI does not distinguish between DES, DES-XL, and DES-OFB, but you can load keys for all DES types by selecting the DES option. ADP does not support the following features related to OTAR: •...
Page 129 Appendix B: KVL 4000 – Orderable Parts Table B-1 KVL 4000 Model Item Count Part Number MC55 Kit (see Table B-2 MC55 Kit) NNTN7864 Security Adapter Super Tanapa (see Table B-3 Security NTN2564 Adapter Super Tanapa) KVL 4000 Documentation CD...
Page 130 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Table B-5 Interface Cables Adaptor Item Part Number Used with Required Key Load Cable TKN8531 XTL 5000/2500 TRN7414 (W Control Head) HKN6182 (M/O Control Head) XTS 5000/3000/2500 NTN8613 ASTRO Spectra TRN7414...
Page 131 Appendix B KVL 4000 – Orderable Parts Table B-6 Optional Accessories (cont'd.) Item Part Number MultiMobile ™ USB Modem V.92/56K DSMT9234MUCDCXR CradlePoint Technology USB to Ethernet Adapter PS6U1UPE 3600mAH Battery BTRY-MC55EAB02 6871018P35-F - January 2013...
Page 133 Appendix C: Radio Frequency Interference Requirements C.1 Radio Frequency Interference Requirements – This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Page 135 Appendix D: Acronyms Table D-1 Acronyms Item Description Advanced Digital Privacy Advanced Encryption Standard Assured Mobile Environment Advanced SECURENET Common Key Reference Common Shadow Key Data Encryption Standard (Cipher) DES-OFB Data Encryption Standard-Output Feedback Data Encryption Standard-Counter Addressing DES-XL Digital Interface Unit DVI-XL Digital Voice International-Range Extension Digital Voice Protection...
Page 136 KVL 4000 Key Variable Loader Advanced SECURENET User Guide Table D-1 Acronyms (cont'd.) Item Description Unique Shadow Key Virtual Private Network WACN Wide Area Communications Network 6871018P35-F - January 2013...

Motorola solutions KVL 4000 User Manual

Quick Links

Need help?

Questions and answers

Related Manuals for Motorola solutions KVL 4000

Summary of Contents for Motorola solutions KVL 4000