Newtec Proprietary
Confidentiality: Unrestricted
R3.2_v1.0
Feature Descriptions
MDM9000 Satellite Modem
16.18.2.2 Key Management System Structure
The following picture details the structure of the AES key management system that is implemented
on all devices.
• Group key: This key is entered by the user through any interface and stored in the device. Group
keys are used to decrypt the encrypted content keys. Group keys cannot be read back on any
interface.
• Encrypted content key: There are two encrypted content keys per carrier (when global
encryption is enabled) or two encrypted content keys per ISI (Input Stream Identifier) on each
carrier (if global encryption/decryption is disabled). For more information on encryption per ISI,
refer to Global Protection or Protection per Stream on page 300.
– These are the odd encrypted content key and the even encrypted content key. These keys are entered
by the user through any interface and used to compute the corresponding content key which
is stored in the device. Encrypted content keys cannot be read back on any interface.
• Content key: There are two content keys per stream - the odd content key and the even content
key. The content keys are either entered by the user through any interface or computed
from the corresponding encrypted content key. Content keys cannot be read back on any
interface.
• Key decryptor: The key decryptor is an AES decryption engine used to compute the content key
based on the encrypted content key and using the group key as the AES key. This applies
only to 128-bit keys. For 64-bit keys, a DES decryption engine is used
instead of AES.
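The key decryptor step for 128-bit keys, sketched as an added example that is not Newtec code or part of the original manual. It assumes the decryptor performs a single raw AES-128 block decryption (the page states no mode or byte order); the names `key_decryptor` and `load_stream_keys` are hypothetical, and the sample values are public NIST test vectors rather than device keys.

```python
def _xtime(a):  # multiply by x in GF(2^8), AES reduction polynomial
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _gmul(a, b):  # general GF(2^8) multiplication
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), _xtime(a), b >> 1
    return r

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

# S-box from its definition: field inverse, then the affine map; INV_SBOX undoes it.
_INV = [0] + [next(b for b in range(1, 256) if _gmul(a, b) == 1) for a in range(1, 256)]
SBOX = [i ^ _rotl8(i, 1) ^ _rotl8(i, 2) ^ _rotl8(i, 3) ^ _rotl8(i, 4) ^ 0x63 for i in _INV]
INV_SBOX = [SBOX.index(v) for v in range(256)]

def _round_keys(key):  # FIPS-197 key expansion: 11 round keys of 16 bytes each
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def key_decryptor(group_key, encrypted_content_key):
    """Assumed model: content key = one raw AES-128 block decryption under the group key."""
    if len(group_key) != 16 or len(encrypted_content_key) != 16:
        raise ValueError("128-bit keys only; per the page, 64-bit keys use DES instead")
    rk = _round_keys(group_key)
    s = [b ^ k for b, k in zip(encrypted_content_key, rk[10])]
    for rnd in range(9, -1, -1):
        s = [s[((c - r) % 4) * 4 + r] for c in range(4) for r in range(4)]  # InvShiftRows
        s = [INV_SBOX[b] ^ k for b, k in zip(s, rk[rnd])]  # InvSubBytes + AddRoundKey
        if rnd:  # InvMixColumns, skipped in the final round
            s = [_gmul(14, s[4 * c + r]) ^ _gmul(11, s[4 * c + (r + 1) % 4])
                 ^ _gmul(13, s[4 * c + (r + 2) % 4]) ^ _gmul(9, s[4 * c + (r + 3) % 4])
                 for c in range(4) for r in range(4)]
    return bytes(s)

def load_stream_keys(group_key, enc_odd, enc_even):  # hypothetical: one group key, both parities
    return {"odd": key_decryptor(group_key, enc_odd), "even": key_decryptor(group_key, enc_even)}

# Constructed sample: public NIST SP 800-38A ECB-AES128 vectors, not keys from any device.
GROUP_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
ENC_ODD = bytes.fromhex("3ad77bb40d7a3660a89ecaf32466ef97")
ENC_EVEN = bytes.fromhex("f5d3d58503b9699de785895a96fdbaaf")
```

Calling `load_stream_keys(GROUP_KEY, ENC_ODD, ENC_EVEN)` returns the odd and even content keys; in this model, anyone holding the group key can recover every content key wrapped under it.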