Present day communication systems allow for reprogramming of radio encryption information (also known as "encryption keys" or "keys") using a central encryption station which transmits encryption information to remote radios which are part of the communication system using radio frequency (RF) signals. This over-the-air transmission of encryption information requires a computer database to be kept in order to keep track of which encryption keys have been assigned to which radios in the system.
Although over-the-air (OTAR) encryption systems are well known in the art, some brief definitions of some common terms used in the art are given below:
traffic encryption key: A key used to encrypt and decrypt voice messages.
common shadow key: A key used to encrypt the traffic keys that are sent to subscribers.
talk group: A user-defined group of subscribers that need to be able to communicate. Subscribers in a talk group will have one traffic encryption key in common between all of the subscribers in the group.
rekey group: A group of subscribers that belong to the same combination of talk groups. The subscribers in a rekey group will have the same set of traffic keys and will also share a common shadow key. These groups are transparent to the user.
Referring to FIG. 1, there is shown a block diagram of a prior art trunked radio communication system 100 in accordance with the invention. Radio communication system 100 includes a plurality of communication devices 200 such as two-way subscriber radios, mobile radios, fixed stations, etc. A controller interface 102 (such as a Digital Interface Unit manufactured by Motorola, Inc.) is included as part of the system and provides encryption functions and an interface to a set of communication channel resources, such as repeater 106. The controller interface 102 also provides access between the communication channel resources 106 and the Key Management Controller (KMC) 104 and/or a manned control console such as a central controller 110 which may be utilized to coordinate the system's communication activity.
Control console 110 includes a speaker and other audio switching hardware for monitoring the received messages from repeaters 106 and a transmission means which includes a microphone and audio routing circuitry for transmitting messages to the communication devices 200. Control signals originating at control console 104 are transmitted via a dedicated control channel 108 to radios 200 which monitor the control channel for control information on a routine basis. Control console 110 is in charge of assigning voice/data repeaters 106 to groups of radios 200. Control console 110 also sends control signals to radios 200 which automatically direct groups of radios 200 to appropriate repeaters 106.
The controller interface 102 provides the encryption function for both voice/data and other types of information messages during both transmit and receive operations. Although FIG. 1 is shown as a trunked system, the present invention can also be used in cellular and other types of communication systems. Repeaters 106 which are connected to the controller interface 102 each comprise a transmitter and receiver section for use in communicating with communication devices 200.
Coupled to controller interface 102 is an encryption key management controller 104 such as a Key Management Controller (KMC) manufactured by Motorola, Inc. KMC 104 is a computerized system which includes a database means such as a computerized database of all system users, as well as encryption key information for all communication devices. KMC 104 also includes control software for determining which units have been rekeyed and which have not. KMC 104 decides when to poll each of the communication devices 200 in order to reprogram their encryption information after the system administrator decides to change the communication device's encryption keys. KMC 104 can be programmed to automatically update the communication device's encryption keys.
KMC 104 establishes communication with the communication units 200 via control channel 108 which is another repeater which allows the KMC bi-directional communication capability with the communication devices 200. Although shown as separate units, controller interface 102 and KMC 104 could be combined to form an integrated system controller. Furthermore, the KMC 104 and controller interface 102 may be utilized without the presence of a manned audio control console 108 in systems where audio is not required at the KMC location.
The KMC 104 also sets up mappings of encryption keys describing what keys should be loaded into which particular radios. These maps are then assigned to a rekey group and individual radio users are then assigned to the rekey groups. Presently, the procedure for assigning a group of radio subscribers their own traffic encryption key requires the steps of first, removing the subscribers from their current rekey groups. Next, a new rekey group is created for every rekey group that has a subscriber that will be in the new rekey group. A new map is then created with the appropriate traffic encryption keys for each new rekey group. Finally, the subscribers are added to their new rekey groups.
In FIG. 2, a block diagram of the functions performed by prior art KMC 104 is shown. In order to assign a group of radios their own traffic encryption key using this KMC configuration, the radio users are first removed from their current rekey groups. Next, a new rekey group must be created for every rekey group that has a subscriber that will be in the new group. A new map must then be created with the appropriate traffic encryption keys for each new rekey group. Finally, the radios must be added to their new rekey groups.
In the prior art KMC, blocks 206 and 212 are the only functions which can be accomplished automatically by the KMC without the need for user involvement.
The problem with the above process is that keeping track of rekey groups and maps can become cumbersome as the communication system becomes larger (i.e., more radio subscribers are added to the system). Given this problem, there exists in the art a need for a method and apparatus for automatically mapping encryption information to radios.
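The bookkeeping described above can be made concrete with a short sketch. This is an added illustration, not code from the patent or from any KMC product: it derives rekey groups and key maps from talk-group membership using the definitions given earlier, and shows how defining one new talk group splits the existing rekey groups. The talk group names, radio IDs and key labels (TEK-..., CSK-...) are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: talk group name -> subscriber radio IDs (not from the page).
TALK_GROUPS = {"POLICE": {101, 102, 103, 104}, "FIRE": {103, 104, 105, 106}}

def build_rekey_groups(talk_groups):
    """Partition subscribers by the exact combination of talk groups they belong to."""
    membership = defaultdict(set)
    for name, subscribers in talk_groups.items():
        for sub in subscribers:
            membership[sub].add(name)
    groups = defaultdict(list)
    for sub in sorted(membership):
        groups[frozenset(membership[sub])].append(sub)
    return dict(groups)

def build_key_maps(rekey_groups):
    """One map per rekey group: a traffic key per talk group plus one shadow key.
    Key names are placeholder labels, not key material."""
    maps = {}
    for n, combo in enumerate(sorted(rekey_groups, key=sorted), start=1):
        maps[f"RG{n}"] = {
            "subscribers": rekey_groups[combo],
            "traffic_keys": sorted(f"TEK-{tg}" for tg in combo),
            "shadow_key": f"CSK-RG{n}",
        }
    return maps

def add_talk_group(talk_groups, name, subscribers):
    """Return a copy of the talk-group table with one more talk group defined."""
    updated = {tg: set(subs) for tg, subs in talk_groups.items()}
    updated[name] = set(subscribers)
    return updated

if __name__ == "__main__":
    before = build_key_maps(build_rekey_groups(TALK_GROUPS))
    after = build_key_maps(
        build_rekey_groups(add_talk_group(TALK_GROUPS, "TAC", {102, 103, 105})))
    print(len(before), "rekey groups before,", len(after), "after")
    for name, entry in after.items():
        print(name, entry)
```

With the sample data, two talk groups yield three rekey groups; giving radios 102, 103 and 105 their own talk group doubles that to six, each needing its own map and shadow key.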