Simple Key Loader (SKL) - PowerPoint Presentation

Slide1

Simple Key Loader (SKL)

AN/PYQ-10 (C)

1Slide2

AGENDA

INTRODUCTION/CHARACTERISTICS

PHYSICAL FEATURES AND CONTROLS

CALIBRATE/ SET DATE AND TIME

LOG IN PROCEDURES

USER APPLICATION SOFTWARE FAMILIARIZATIONBASIC KEY/LOADSET BREAKDOWNADD EQUIPMENT/ CREATE AND ADD PLATFORMTRANSFER/RECIEVE DATABASE FROM SKL TO SKLLOAD ASIP RADIO/ LOAD DAGR(SINGLE KEY)AUDIT FUNCTION FAMILIARIZATIONPROPER SHUT DOWN PROCEDUREEMERGANCY DISTRUCTION

2Slide3

Safety Considerations

THIS LESSON CONTAINS

NO SAFETY CAUTIONS

3Slide4

References

TM 11-5810-410-13&P, 1 July 2007Operator’s and Field Maintenance Manual

Quick Reference Guide, 1 NOV 08

Simple Key Loader, AN/PYQ-10(C)

CSLA,

SKL Training Material and Practical ExerciseCommunication Support Services, INCSKL User Application Software v3.3 Training MaterialSKL Practical ExerciseNSA Doctrine, Interim Operational Security Doctrine (IDOC) 007-04 Jul 054Slide5

CLASSIFICATION

THIS COURSE IS FOR OFFICIAL USE ONLY

ADDITIONALLY, THIS COURSE IS NOT RELEASABLE TO

MILITARYSTUDENTS FROM

FOREIGN COUNTRIES

IAW DA PAM 25-380-25Slide6

6

Ruggedized Handheld Personal Digital Assistant (PDA)

The

Simple Key Loader

(

SKL) is the replacement for the Data Transfer Device (DTD)Interfaces to Local Management Device/Key Processor (LMD/KP), Automated Communications Engineering Software (ACES), DMD, CT3 DTDsHandles, Views, Stores and Loads SOI, Key, Electronic Protection (EP) DataThe SKL is a Controlled Cryptographic Item (CCI) because of the KOV-21 Information Security (INFOSEC) card imbedded in it.

Authorized up to TS key and Secret Data (SOI)

IntroductionSlide7

SKL vs. DTD

(Data Transfer Device)

SKL Specification DTD

32 bit 400 MHz

(

300 MHz) Processor 8088(4 KHz)3.5” Color Display Display 2 lines 24 characters64 Mg Ram, 64 (32) Mg Flash Mem Storage 512Kb Ram, 256Kb Flash Mem6 pin RS-232 & 2 Mini USB Interface 6 Pin RS-232Rechargeable Battery Packs Power

9 volt or 3 ea 2/3A batteries Key Storage

TEK,KEK 500,000

Traditional

1,000

TEK/KEK

FFK 5,000-8,000

Modern

10-16 FFK

(

plus/minus10%)

AN/PYQ-10 (C) AN/CYZ-10

(SDS information)

7Slide8

SKL Compatibility

Transfer

CT3

RDS

FILL

ANCD

KOI-18

KYK-13

KYX-15

LCMS

ACES

Keys

Database/ Loadset

     SOI         Audit Trail                   Receive CT3 RDS FILL ANCD KOI-18 KYK-13 KYX-15 LCMS ACESKeys         Database/ Loadset         SOI         Audit Trail         Black Key Packet         

8

CT3, RDS, FILL and ANCD is software on a DTDSlide9

9

Army Key Management System (AKMS) Slide10

Controls

10

KOV Light

Inductive Stylus Holder

Zeroize Button

Fill PortPower Button

CIK Access

Inductive Stylus

Brightness Controls

5-Way Control Buttons

(Mouse Mode)

4 General Purpose Buttons

ADT SCREENSlide11

Controls

11

Open and Close Start Menu

Open Selected Application (UAS)

Night Vision Goggle Mode

Activates 5 Way Direction ButtonsSlide12

Mini- A

(TOP, read only)

CIK (one per SKL)

Insert and remove CIK only while turned off

Controls

12

SKL

0N386180-1

D345.686

PAT.

NO.

R

D

a

a

T

K

e

y

Mini- B

(BOTTOM, disabled)

2 - USB portsSlide13

Battery

13Slide14

Battery

Battery IndicatorGreen 100% - 41%

Amber 40% - 11%Red 10% - 0%At 2% Pop up every 30 seconds

At 1% the SKL will automatically shutdown

High Capacity: 60 hrs Standard Capacity: 33hrs

AA Battery Pack: 20 hrsRecharges <2 hrs14Slide15

Questions

Q: At what percentage will the SKL automatically turn off?

A: 1%

15Slide16

10 MINUTE BREAK

16Slide17

Power On - Initialization

17Slide18

Initial SSO Login

18

Active Program ICONSlide19

Initial SSO Login

19Slide20

Initial SSO Login

20Slide21

Initial SSO Login

21Slide22

Initial SSO Login

22Slide23

Re-initialize

NSA Doctrine, Interim Operational Security Doctrine (IDOC) 007-04 Jul 05Upon CIK initialization

LKEK - Local Key Encryption KeyHDPK - Host Data Protection KeyCIK must be re-initialized annually

23Slide24

NSA Doctrine, Interim Operational Security Doctrine (IDOC) 007-04

14. (U//FOUO) Local Key Encryption Key (LKEK) and the Host Data Protection Key (HDPK) - The CIK contains two split keys created upon CIK initialization. These keys perform the encryption and decryption for the SDS/SKL. The split keys are the Local Key Encryption Key (LKEK) and the Host Data Protection Key (HDPK). The LKEK is used for the encryption/decryption of keying material, while the HDPK is used for the encryption/decryption of any information or data that a user may need protected by the SDS/SKL.

a. (U//FOUO) Self-initialization – The SDS/SKL generates a Unique LKEK and HDPK. During initialization, only the splits for the keys are stored on the CIK.

b. (U/FOUO) Re-Initializing – When re-initializing the CIK to create a new LKEK and HDPK, the keys previously protected by that CIK are unrecoverable unless they have first been moved to another device.

c. (U//FOUO) Cryptoperiod – The LKEK and HDPK have a cryptoperiod of one year and must be superseded at that time. This can be accomplished by re-initializing the SDS/SKL and its associated CIK yearly.

24Slide25

Calibrate Procedure

25

Program Switching ICON

Active Program ICONSlide26

Calibrate Stylus

26Slide27

Set Card Clock/Date

27

Set date first then time

Per QRG and TM

Tools – SSO – Set Card Time/Date Slide28

Set Card Clock/Date

28

Tap on month

Tap on yearSlide29

Get Card Clock/Date

29

Yes will set Host to match KOV-21 timeNo will display KOV-21 time

When loading time comes from Host,

Audit trail uses KOV-21 time

Tools – User - Get Card Time/Date Slide30

Questions

Who can set the KOV-21 time and date? SSO

How often does the SKL need re-initialized? Annually

30Slide31

5 MINUTE BREAK

31Slide32

User Application

SoftwareLogging into UAS

SOI Tab Platform TabEquipment Tab

Key Tab

32Slide33

User Application Software (UAS)

33Slide34

User Application Software (UAS)

34Slide35

35

Platforms

Equipment

Keys

SOISlide36

36

Keys Tab

KEY:

Defines the actual Short Title that is resident on the equipment

Key Management

View key attributesDelete keys segmentsDelete expired keys Create key tagsLoading of single or multiple COMSEC keysSlide37

37

Equipment Tab

Equipment:

Defines the actual hardware that is resident on the platform such as:

SINCGARS RADIOPSC-5CARC-220KY-68 phoneKG-175Equipment ManagementAdd/Edit/Delete/Keys and EP DataLoading of Single or Multiple Fill LocationsSlide38

38

Platform Tab

Platform:

An assemblage with logical grouping of radios and/or COMSEC equipment such as:

HMMVSHELTERBDE TOCAPACHE HelicopterPlatform ManagementAdd/Edit/DeleteSequential Loading of Multiple assigned equipmentSlide39

SOI Tab

39

Signal Operating Instructions

Displays the selected SOI Edition along with Pyro and Smoke data. It will also display any Quick Reference entries.Slide40

Key Knowledge

40

Basic Key Break down:

USED

ETD 01 5AT068US: Release prefix “US” constitutes Non releasable to foreign nationals.ED: Functional Relationships “ED” indicates Electronic Distribution.ETD: Indicates if it is a training or operationalKey. 01 is the numerical sequence this key was Generated.5AT068: Indicates the COMSEC Account that Generated The key. Slide41

Key Knowledge

Short Title

Edition

Key

41Slide42

Keys Tab

42

KEY TAG - Key variable is needed

YELLOW KEY - Key variable stored

EXPIRED TAG - Segment date has expiredRED KEY - Key variable date has expiredSlide43

View Key Information

43Slide44

Delete Selected Segments

44Slide45

Destroy Expired Keys

45

View – Key – Expired KeysSlide46

Destroy Expired Keys

46Slide47

FM LOADSET BREAKDOWN

47

FRKS

SINGARS

LOADSETS ARE GENERATED BY THE UNITS

FREQUENCY MANAGER ON THE ACES/JACS

SYSTEM. WITH LIMITED USER INTERACTION.A LOADSET CONSISTS OF 6 ESETS, TSK, 6 CRYPTO-VARIABLE KEYS.

THE CRYPTO-VARIABLE KEYS ARE GENERATED BY

THE UNITS COMSEC CUSTODIAN.

THE LOADSET IS COMMONLY LOCATED UNDER

THE PLATs TAB. Slide48

Associating Crypto Key(s)to a LOADSET

48

-FRKS

-SINCGARS

- C1

- USED 1 TEK - AB -1 - C6 -USED 2 KEK

-AB

-1

- H0

- H1

- H2

- H3

- H4

- H5Slide49

Assign Key to LOADSET

49Slide50

Assign Key to LOADSET

50Slide51

LUNCH BREAK

51Slide52

Add Equipment

52Slide53

Assign Key to Equipment

53Slide54

Add Platform

54

Platform Tab

Add Platform

Other options

Delete PlatformEdit PlatformSlide55

Add Platform

55

Bussed – The SKL will be connected to a Fill Port that is in the Platform but not part of the equipment. Non-Bussed – The SKL will be connected to equipment Fill Port and no Fill Location wakeup or handshake is required.

CMD VEHSlide56

Assign Equipment to Platform

56Slide57

Assign Equipment to Platform

57Slide58

Questions

Can a key tag be assigned to a piece of equipment? Yes

Can you assign multiple pieces of equipment to one platform?Yes

58Slide59

TRANSFERING DATABASE SKL TO SKL

From the Core Library desktop select File from the menu bar

at the top of the screen.Select Transmit

Select

Database

On the Database Transmit Wizard screen you can select to transmit ALL or Part of a database. Select AllUnder Transfer Mode Screen Select SKLSelect NextSKL will instruct to press transmit to transmit database(s) selected. BEFORE YOU PRESS TRANSMIT Set up Receiving SKL.Press Transmit SKL will build databases and begin to send data automatically. Operation Successful dialog box will display when SKL is finished sending.Select OK. SKL will return to the UAS desktop.Disconnect SKLs.From the Core Library desktop select File from the menu bar at the top of the screen.

Select ReceiveSelect

Database

On the

Receive Database Screen

Select Source :

SKL

Profile box will instruct you to connect SKL to SKL.

Select

Receive

SKL will display

Status Screen

you will see the information being transferred in.

When the Database is received a

Save Database now?

dialog box will popup. Select

Yes

.SKL will save database and will display a Operation Successful dialog box when completed.Select

OK. SKL will return to the Received Database screen. If you do not need any more data select Close.SKL will return to the

UAS desktop

and you will see the new Database.

59Slide60

Receive Database

60Slide61

Transmit Database

61Slide62

Transmit Database

62Slide63

Transmit Database

63Slide64

COMSEC PROCEDURES FOR LOADING RTs

WITH THE SIMPLE KEY LOADER (SKL)

TURN ON SKL

Double Click ON

CORE LIBRARY

LOG IN USING LOG IN AND PASSWORDSELECT LAUNCH FROM THE TOOL BAR CLICK OK ON SKLPLEASE WAIT CHECKING AND DECRYPTING DATA BASE IN PROGRESSCLICK OK ON THE START UP INFORMTIONSELECT THE PLATS(PLATFORM) TAB (YOU WILL FIND THE APPROPRATE LOADSET HERE)HIGHLIGHT THE LOADSET YOU WISH TO TRANSMIT.IN THE UPPER RIGHT HAND CORNER DC ON THE LOAD ICONGATHERING DATASINCGARS MODE SELECT TRANSFER TYPEICOM***Place a check in the block for send time.****

SELECT OKLOAD ECU WIZARD

SCREEN IS DISPLAYED

VERIFY EQUIPMENT IS RIGHT SELECT

NEXT

FOLLOW THE INSTRUCTIONS ON THE SCREEN (THIS PRETAINS TO THE RT)

CONNECT CABLE TO THE AUD/FILL PORT

SET FUNCT SWITCH TO LD

SET COMSEC SWITCH TO FH

SET CHAN TO MAN

DEPRESS TWICE HANDSET TO CLEAR ALARM (THIS WILL NOT BE NESSESSARY WHEN USING ASIP)

SELECT SEND WHEN YOU HAVE COMPLETED THE SCREEN

SCREEN DISPLAYS PRESS

LOAD

(PRESS LOAD ON RT)

Transfer successful (RT will display done)

64Slide65

COMSEC PROCEDURES FOR LOADING

DAGRWITH THE SIMPLE KEY LOADER (SKL)

65

SKL

HOOK CABLE FROM DAGR TO SKL

GO TO FILETRANSMITLOAD SELECTED KEYSPLACE CHECKS NEXT TO USKAD 103040 AND USKAD 101040HIGHLIGHT USKAD 103040 USING “UP” BUTTON MOVE 103040 ABOVE 101040 THIS ENSURES PROPER LOADING OF KEYS. BEFORE SELECTING OK DOUBLE CHECK TO MAKE SURE THAT KEYS 103040 AND 101040 STILL ARE SELECTED. SELECT OK, PROTOCOL IS DS 102,ACTIVATE MODE IS KYK-13SELECT OKTRANSMIT ONE KEYONCE TRANSMITTED SKL WILL REPEAT PRIOR STEPS FOR SECOND KEY. DGRCONNECT FILL CABLE TO J1START UPMAIN MENUCOMMUNICATION CRYPTOFILL

HIGHLIGHT DS 101 ENTERENTER TO CHANGE TO DS 102ENTER WAIT Slide66

10 Minute BREAK

66Slide67

Audit Trail

When the Audit Trail was initializedWhen accounts are created/deleted

When accounts are logged on/offAny unsuccessful logon attempts

When an account password is changed

When and what key was received

What device was used to receive the keyWhen and what key was transmittedWhen a key file was transmittedWhen a key was zeroizedWhen the KOV-21 INFOSEC card was zeroizedWhen and what kind of device the SKL was connected to.When the date and time were changedAny alarm codes67Slide68

Audit Trail

68

Must be logged in

as SSO to perform

any Audit Functions

Tools - SSO - Audit FunctionsSlide69

Audit Trail

69Slide70

Audit Trail / Summary Status

70Slide71

Audit Trail / Summary Status

71Slide72

Audit Trail

IDOC 007-04, 22 (U) Audits“Audit information must be uploaded and reviewed, at a minimum, on a semi-annual basis.”IDOC 007-04 22.d (U/FOUO) Deleting

After any audit data has been uploaded or physically recorded, the SSO shall delete the existing audit data from the SDS/SKLTB 380-41, 6.16.2 a (U) Electronic Key Destruction

100% accountability from generation until destruction, Custodians and users must document a positive and uninterrupted audit trail.

6.16.2.a.3. “…any uploaded DTD Audit Trails will be maintained in desktop folders as supporting documentation”

72Slide73

Power Down

73Slide74

Logout

LogoutWait for the green KOV-21 light to turn off

74

KOV LightSlide75

Power Down

75Slide76

Questions

What is the order to Power Down? Exit UAS, Logout, Power Button

76Slide77

Additional References

Manuals and Softwarehttps://rdit.army.mil/commsc/menu.cfm

77Slide78

Additional References

78

https://ekmstier3support.spawar.navy.mil/

Manuals and SoftwareSlide79

79

Warranty Service Contract

CSLA Item Manager: Kim Dorman

Commercial: 520-538-8342

DSN: 879-8342

Email: kim.dorman@us.army.milWarranty InformationSlide80

Questions?

(c) Cassandra LaBeause

80