The TKMD is a small form factor key management facility with capability to support smaller tactical teams/subscribers, up to 3,000 radios (much more with a secure file server). The TKMD is a low cost P25 centralized or portable solution that increases efficiencies and reduces cost. Utilizing P25 Over the Air Rekeying (OTAR) protocols, the ACG TKMD can use a donor radio via direct cable or a Quantar™, GTR8000™, or Icom Eclipse2 repeater via direct connect or via IP. The TKMD only requires the use of a laptop with a browser as the Key Manager for radio ID authentication and donor radio/repeater messaging. When paired with the TKMD, this configuration is highly portable, has a quick set up time and delivers a locally controlled, fully functional key management facility. This concept of operation lowers lead and preparation time for mission and eliminates the “service center” concept of key management. The TKMD also significantly reduces the management overhead of a KVL-only approach for small missions.CENTRALIZED OR PORTABLE KEY MANAGEMENT
The user-friendly TKMD brings the management of your P25 encryption into one central location or easily portable, making it easier to manage and update the encryption keys used across your organization. The TKMD is an ideal encryption management tool for networks that are geographically dispersed and/or have multiple terminals.
The TKMD can generate both AES-256 and DES-OFB keys using an internal Random Number Generator that is FIPS 140-2 compliant.
The TKMD can interface and accept key material from a KVL-3000+ Key Fill Device (KFD) as well as a KVL-4000. The TKMD can also export locally generated key material to both devices.
Stores up to 3,000 subscribers The TKMD is designed as a distributed Key Management System with the TKMD located (or at least IP connected to) each OTAR Base Station. TKMDs can exchange encrypted files over an IP network to distribute subscriber radio and/or key material throughout the Key Management System.
The TKMD can also function with a central server that will send the subscriber information including key material (if desired) for any unknown subscriber that appears on the OTAR channel serviced by a TKMD. If the local TKMD is working with a central server the ability to handle multiple subscribers is essentially unlimited.
Dashboard supplies radio status by device or group, with visual indication of key updates, and common key references
The TKMD supports Hello, Zeroize, Keyset Change, Warm Start, Key Modify, Key Delete.
The TKMD has been tested successfully with nearly all Project 25 OTAR-capable radios, including: Motorola XTS-5000, Motorola APX, Relm KNG, Harris, ICOM, EF Johnson and Midland Radio. The TKMD has been extensively tested using either the Motorola Quantar or the ICOM Eclipse 2 as a base station.
PROJECTED FIPS140-2 COMPLETION DATE
The TKMD is currently undergoing cryptographic module validation and is on the FIPS 140-2 Modules Under Evaluation list as of June 5, 2017 and will soon transition to the MIP (module in process) list.
TKMD Data Sheet