Secure trunking communication systems are known to comprise a resource allocator, a plurality of communication units, broadcast units that transceive a limited number of communication resources, a console(s) and corresponding console interface unit(s). Furthermore, a single, system-wide encryption key is often used, by the communication units and the console interface units, to provide secure communications within such systems. As the needs of users of secure trunking communication systems have expanded, the availability of multiple encryption keys for use in communications has become a desirable system feature. The provision of multiple encryption keys within secure trunking systems, however, does not decrease the likelihood of failed encryption keys within communication units and console interface units.
An encryption key, typically stored in volatile memory such as RAM (random-access memory), can fail as a result of corruption of the key, loss of any portion of the key, or any other circumstance that renders the key unusable for secure communications. Within multiple key systems, particular keys are often associated with groups of communication units, referred to as talkgroups. If a particular key fails within a console interface unit(s), the console(s) within the system may be unable to communicate securely with the corresponding talkgroup. Likewise, failure of a particular key within a communication unit prevents that unit from participating in the corresponding talkgroup's secure communications. Assuming that an operator receives notification of a key failure, one solution to this problem is to switch to an unencrypted communications mode. Of course, this solution is contrary to the need for secure communications and is generally unacceptable.
Another solution might require the user to select a different talkgroup and hence, a different key. An undesirable side-effect of this solution is that the second talkgroup may include parties not originally intended to receive the communication, leaving the possibility for compromised security. Therefore, a need exists for a method that allows secure communications to be established despite the occurrence of a key failure and that does not create a potential loss of security.