Many communication systems enable secure communications between a sending device and a receiving device by the use of symmetric traffic encryption keys (TEKs) comprising an encryption key and a decryption key that are identical and that are used to maintain a private information link between the devices. In this manner, the symmetric TEKs are said to represent a shared secret between the sending and receiving devices because both the encryption key and the decryption key are known by all devices that use them. However, the symmetric TEKs must be securely provisioned in the sending and receiving devices before they can be used. Moreover, if the sending and receiving devices are, for example, from different agencies and have a need to interoperate (such as at an incident scene), a Key Management Facility (KMF) for each agency, which facilitates secure key management and distribution for devices used by agency personnel, would need to agree upon a set of symmetric keys for use by the devices of both agencies.
It is known to use symmetric key encryption keys (KEKs) to securely transfer the symmetric TEKs from a KMF to an endpoint device. As with the symmetric TEKs, the symmetric KEKs represent a shared secret between the KMF and the endpoint device. The problem is that use of symmetric KEKs involves potentially complex key management procedures and can involve out-of-band (e.g., manual or otherwise) seeding of initial KEKs, which can introduce additional risk to the system. Moreover, symmetric key management can be tedious and inconvenient in most scenarios, particularly at an incident scene where two agencies need to communicate with each other without prior notice.
Thus, there exists a need for a mechanism for securely transferring symmetric encryption keys in a communication system.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help improve understanding of various embodiments. In addition, the description and drawings do not necessarily require the order illustrated. It will be further appreciated that certain actions and/or steps may be described or depicted in a particular order of occurrence while those skilled in the art will understand that such specificity with respect to sequence is not actually required. Apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the various embodiments so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein. Thus, it will be appreciated that for simplicity and clarity of illustration, common and well-understood elements that are useful or necessary in a commercially feasible embodiment may not be depicted in order to facilitate a less obstructed view of these various embodiments.