MM-014716-001
The emergency dismiss timer is cleared when the emergency is cleared.
7.30 ENCRYPTION
In the OpenSky network, both data and voice use a 128-bit or 256-bit key encryption standard published
by the Federal Information Processing Service (FIPS), called Advanced Encryption Standard (AES). AES
is approved by the U.S. Department of Commerce for encryption of classified materials.
When encryption is enabled on the network, data is encrypted from the MDIS to the Mobile End System
(MES) (e.g., M7300 mobile radio). This form of encryption provides air-link security.
Voice encryption is handled either automatically or manually. Automatic encryption is initiated through
the Unified Administration Server (UAS) for a specific talk group and requires nothing from the user.
Manual encryption is initiated by two or more radio users and requires system model control heads. Both
methods of encryption are discussed in the following sections.
7.30.1 Automatic Encryption
For automatic encryption, a network administrator will select the talk group to be encrypted at the
interface to the UAS. Once the talk groups have been selected and identified as secure, credentials for key
generation are generated automatically by the system and provisioned to authorized users. This process
requires that authorized users log in to the network and be authenticated. Encryption keys require no
manual handling and are never sent “in the clear” over any network interface or air-link.
1. “Pls Login” appears in the bottom line of the dwell display.
2. Log in normally using the keypad on a system model control head to enter User ID and Password.
If a user is engaged in a call on a talk group encrypted at the network administrator level, “Secure Call”
will appear in the bottom line of the dwell display if the user is logged in to that talk group.
If a secure call is in progress elsewhere and the user has not logged in, the bottom of the dwell display
will alternate between “No Access” and the alias of the radio that is currently engaged in the secure call.
7.30.2 Manual Encryption (System Model)
Two or more users can manually encrypt a call, if enabled, without an established encrypted talk group. A
pre-determined key is required at each radio.
The key must be pre-determined by the users prior to making a manually encrypted call
on a talk group and is entered into the radio using the keypad. For 128-bit encryption, this
key is between 1 and 16 digits. For 256-bit encryption, this key is between 17 and 32
digits.
If two communicating radios have different (manually-defined) keys, receive audio at
each radio will sound garbled.
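An added example, not part of the original manual: a Python check of the key-length rules above that also computes the largest entropy a digits-only keypad entry can carry, a bound that holds whatever method the radio uses to turn the entry into an AES key. The function names and the min_bits policy threshold are assumptions made for illustration.

```python
import math

# Digit-count ranges as stated in section 7.30.2 for keypad-entered keys.
MODES = {128: range(1, 17), 256: range(17, 33)}


def classify_manual_key(entry: str) -> int:
    """Return the AES key size (128 or 256) that a keypad entry selects."""
    if not (entry.isascii() and entry.isdigit()):
        raise ValueError("manual key must consist of decimal digits only")
    for bits, lengths in MODES.items():
        if len(entry) in lengths:
            return bits
    raise ValueError("manual key must be 1 to 32 digits long")


def entry_bits(entry: str) -> float:
    """Upper bound on entropy of one entry, assuming uniformly random digits."""
    classify_manual_key(entry)  # reject malformed entries first
    return len(entry) * math.log2(10)


def mode_keyspace_bits(bits: int) -> float:
    """log2 of the number of distinct entries that select the given mode."""
    return math.log2(sum(10 ** n for n in MODES[bits]))


def review(entry: str, min_bits: float = 100.0) -> dict:
    """Summarise an entry; min_bits is a hypothetical local policy threshold."""
    mode = classify_manual_key(entry)
    strength = entry_bits(entry)
    repeated = len(set(entry)) == 1  # e.g. "0000...", trivially guessable
    return {
        "aes_mode": mode,
        "max_entropy_bits": round(strength, 1),
        "repeated_digit": repeated,
        "meets_policy": strength >= min_bits and not repeated,
    }


if __name__ == "__main__":
    # Constructed sample entries, not real keys.
    for sample in ("1234", "4" * 20, "31415926535897932384626433832795"):
        print(sample, review(sample))
    print("128-bit mode keyspace: %.1f bits" % mode_keyspace_bits(128))
    print("256-bit mode keyspace: %.1f bits" % mode_keyspace_bits(256))
```

A full 16-digit entry carries at most about 53 bits and a full 32-digit entry about 106 bits, so the strength of a manually encrypted call is set by the digit count and randomness of the entry rather than by the nominal AES key size.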
With manual encryption enabled, unencrypted radio users on the talk group can still make standard voice
(unencrypted) calls on the talk group. However, if an unencrypted user attempts to transmit on the talk
group when one of the encrypted users is already transmitting on the talk group, the unencrypted radio
will sound a deny tone and “No Access” will appear in the display. Also, the encrypted user can hear
standard unencrypted calls, but cannot respond while still manually encrypted.