Changeover Transec Passphrase Distribution - L3 Communications MPM-1000A Operator's Manual

MPM-1000A Operator Manual 1000-7075 Rev E
the MSK changeover, the MSK crypto period may be extended up to a total of 32
weeks.
The NCW protocol allows the MSK changeover process to be initiated when the
operator of any Modem Terminal within the network enters an MSK Notification
command at his or her local Terminal. The Terminal will reject the command if a Future
MSK is not already stored in the Terminal. As part of the command entry sequence, the
operator must enter a "changeover time," which is the UTC date and time at which the
network will changeover to the new MSK.
In response to the MSK Notification command and changeover Date/Time input, the NC
will broadcast an OTAR message. The OTAR message includes the Future MSK and
changeover time.
Upon receipt of the broadcast OTAR message, each listening Terminal will store the
Future MSK and changeover date/time in non-volatile memory and display the pending
MSK changeover Date/Time to the operator.
Terminal operators should also be notified of an impending MSK changeover by
external means (SVOW, etc.). This will alert an operator to issue a request for the
Future MSK if he determines that his Terminal does not hold one. To issue the request,
the operator clicks on the MSK Request button at his Terminal, which causes the
Terminal to transmit an OTAR Request message to the NC. In response, the NC will
send an OTAR message containing the Future MSK and changeover time.
At the Date/Time specified in the OTAR Message, the NC will initiate a network
changeover to the Future MSK. This is accomplished by transmitting the series of
broadcast Frame Countdown messages. The frame number at which the process is
initiated is based on the Date/Time contained in the OTAR message that distributed the
Future MSK. The MEK number and initial Frame Number to use at the start of the new
crypto period are linked to the current UTC time.
After the changeover, the Future MSK will overwrite the Current MSK in non-volatile
memory and become the new Current MSK.

15.6 Changeover TRANSEC Passphrase Distribution

Prior to the changeover to the new MSK, all Terminals must receive the TRANSEC
Passphrase for the future MSK period. The TRANSEC Passphrase must be delivered to
Terminal operators by secure means, external to the NCW network protocol (e.g.
SVOW).
Once a Terminal has received an OTAR message, it will begin a persistent operator
display of: "Changeover scheduled Date/Time, enter Future Passphrase." This display
will persist until the operator enters the Future Passphrase, or the changeover occurs. If
no Future Passphrase is stored at the time the changeover occurs, the Terminal will
generate the MEKs for the new MSK period using the old Passphrase.
15-4