Secure trunking communication systems are known to comprise a central controller, a plurality of communication units, broadcast units that transceive a limited number communication resources, a console, and a console interface unit(s). Furthermore, a single, system-wide encryption key is often used to provide secure communications within such systems. As the needs of users of secure trunking communication systems have expanded, the availability of multiple encryption keys for use in communications has become a desirable system feature. The provision of multiple encryption keys within secure trunking systems, however, presents problems that have been heretofore unseen.
In particular, the system-wide use of multiple keys can cause key incompatibilities in the event of partial system failures. For example, if there is a loss of communications between the central controller and the console interface unit(s), often referred to as limited service mode, the console can be isolated from communications because the console interface unit(s) have no way of determining which keys are currently being used by various communication units. As another example, if a communication unit powers-up during a period of time in which the central controller is inoperable, often referred to as failsoft mode, the communication unit has no knowledge of which key to utilize in order to communicate with other communication units. Limited service mode and failsoft mode do not present similar problems in single-key systems since the ambiguities regarding key usage are nonexistent.
A possible solution to these problems is to scan all available keys in the system and determine those keys currently in use. In both examples presented above, this would require the console interface unit(s) to attempt communications with each available key. In a system with even a modest number of keys, this method is difficult and inefficient. Therefore a need exists for a method that provides at least limited secure communication services in multiple key systems during periods of limited service or failsoft operation, without requiring the use of key scanning.