Secure radio communication systems are known in the telecommunications art. Security is generally provided in such systems through the use of encryption keys, also known in the art, to facilitate the decoding of transmitted information (e.g., voice, data) that has been encrypted. Each radio in a secure communication system typically includes one or memory elements for storing a multitude of encryption keys, commonly referred to as traffic encryption keys (TEKs), so that different encryption keys can be used for different purposes and at different times. When a different key is to be used for a communication session, the radio is required to first undergo a rekeying process, which can be performed using a key variable loader (KVL) or through use of a key management controller (KMC) as next described.
Generally, a KMC may be employed to rekey the radios in the system using a process referred to in the art as over-the-air-rekeying (OTAR). To facilitate receipt of OTAR messages, each radio might contain two key encryption keys (KEKs), i.e., keys used to decrypt rekeying messages to obtain a new TEK. One KEK is unique to the radio and is typically referred to as the unique key encryption key (UKEK), while the other KEK is common to a group of radios (e.g., talk group) and is typically referred to as the common key encryption key (CKEK). The OTAR messages contain TEKs for voice/data use and can be sent to a single radio using that radio's UKEK, or to a group of radios using the group's CKEK.
As an example of how the two KEKs are used, groups of radios are rekeyed by sending OTAR messages encrypted with the CKEK. However, this process may not result in all the radios being rekeyed--e.g., some may have been turned off or out of range when the OTAR message was sent. In this event, the units in the group that do not acknowledge receipt of the CKEK rekey sequence must be rekeyed individually. OTAR messages encrypted with the individual units UKEK are then sent to each of the individual units that did not acknowledge the CKEK encrypted OTAR message. In this manner, the traffic encryption key--or keys, for a multiple key system--are updated using OTAR messages and stored in the radio's internal memory.
However, the foregoing scheme has several limitations that may result in breaches in security--e.g., during a private call. In particular, a single TEK system can guarantee security only from radios outside the group, as each radio in the group must have the same TEK. In such systems, private calls between two subscribers are not possible. In a multiple TEK system, there is some degree of security from group members, but the level of security is limited by the number of keys that can be stored. In particular, TEK storage in the radio is limited, so it would be impractical--if not impossible--to provide a different TEK for every possible call.
Using as an example a secure, private call between two parties, a TEK storage location is used for all such calls in the system. The shared use of a limited number--often only one key--of private call TEKs does not provide security internal to the system because all units contain the private call TEK(s). Typically, for a particular call type (e.g., a private call), the group is assigned a single TEK for use in all calls of this type. Thus, group members that are not participants in a private call, for example, would simply need to scan the available frequencies to engage the private call using the single TEK reserved for such calls.
Accordingly, there exists a need for a secure communication system that is not constrained by the shortcomings of the prior art. In particular, such a system would be capable of providing secure communications to a selective group of radios in a manner that could not be readily compromised. Further, such a system that took advantage of OTAR capabilities of today's systems to facilitate secure communications in a private call, would be an improvement over the prior art.