Encrypted voice and data systems are well known. Many of these systems provide secure communication between two or more users by sharing one piece of information between the users, which permits only those users knowing it to properly decrypt the message. This piece of information is known as the encryption key variable, or key for short. Loading this key into the actual encryption device in the secure communication unit is a basic requirement that allows secure communication to occur. To retain security over a long period of time, the keys are changed periodically, typically weekly or monthly.
Loading new keys, called rekeying, can be done in various ways. Over-the-channel rekeying is achieved by transmitting the encrypted keys from a central keyloading site either individually or simultaneously to all units in the group over a typical encrypted communication channel.
Manual rekeying is accomplished by plugging a cable from a portable, hand-held keyloading device (also called a key variable loader, or keyloader for short) to the secure unit and downloading the keys from the keyloader into the secure unit by pressing the appropriate buttons on the keyloader. Over-the-channel rekeying takes a few seconds, and the process involved in manual keyloading, including locating the unit, connecting the loader, etc., takes much longer.
Before over-the-channel rekeying was available, manual rekeying was the primary technique available for rekeying. In communication systems with hundreds of users, it was necessary to have several keyloaders to rekey the entire system in a reasonable amount of time. These keyloaders are not inexpensive and require manual entry of keys, a time-consuming procedure that is prone to operator error and is inherently a security risk. It is possible to download unencrypted keys from one keyloader to another, called cloning, by connecting the keyloaders together via a cable, thereby removing operator error during the entry of the key variables. Keyloaders are typically spread over the entire area of the system, which can be thousands of square kilometers. This makes exclusive use of cloning impractical for a large system.
It is evident that use of an over-the-channel rekeying system is a big time-saver and a security improvement when rekeying a large system. Using such a system reduces the need for a large number of keyloaders. There may be older secure units in the system that are incapable of over-the-channel rekeying or there may be some remote areas in the system that are out of range of the over-the-channel rekey system, thus keyloaders are still needed. These keyloaders must still receive the new keys, and the old problems of distance, time, operator error, and security risk have not gone away.
With the continually increasing size of systems and the growing need for system security, it is apparent that a more practical approach to key distribution for keyloaders is essential.