Simple Key Loader (SKL)

AN/PYQ-10 (C)

AGENDA

• INTRODUCTION/CHARACTERISTICS

• PHYSICAL FEATURES AND CONTROLS

• CALIBRATE/ SET DATE AND TIME

• LOG IN PROCEDURES

• USER APPLICATION SOFTWARE FAMILIARIZATION

• BASIC KEY/LOADSET BREAKDOWN

• ADD EQUIPMENT/ CREATE AND ADD PLATFORM

• TRANSFER/RECIEVE DATABASE FROM SKL TO SKL

• LOAD ASIP RADIO/ LOAD DAGR(SINGLE KEY)

• AUDIT FUNCTION FAMILIARIZATION

• PROPER SHUT DOWN PROCEDURE

• EMERGANCY DISTRUCTION

2

Safety Considerations

THIS LESSON CONTAINS

NO SAFETY CAUTIONS

3

References

• TM 11-5810-410-13&P, 1 July 2007– Operator’s and Field Maintenance Manual

• Quick Reference Guide, 1 NOV 08– Simple Key Loader, AN/PYQ-10(C)

• CSLA,– SKL Training Material and Practical Exercise

• Communication Support Services, INC– SKL User Application Software v3.3 Training Material– SKL Practical Exercise

• NSA Doctrine, Interim Operational Security Doctrine (IDOC) 007-04 Jul 05

4

CLASSIFICATION

THIS COURSE IS

FOR OFFICIAL USE ONLY

ADDITIONALLY, THIS COURSE IS NOT RELEASABLE TO

MILITARYSTUDENTS FROM FOREIGN COUNTRIES IAW DA PAM 25-380-2

5

6

• Ruggedized Handheld Personal Digital Assistant (PDA)

• The Simple Key Loader (SKL) is the replacement for the Data Transfer Device (DTD)

• Interfaces to Local Management Device/Key Processor (LMD/KP), Automated Communications Engineering Software (ACES), DMD, CT3 DTDs

• Handles, Views, Stores and Loads SOI, Key, Electronic Protection (EP) Data

• The SKL is a Controlled Cryptographic Item (CCI) because of the KOV-21 Information Security (INFOSEC) card imbedded in it.

• Authorized up to TS key and Secret Data (SOI)

Introduction

SKL vs. DTD (Data Transfer Device)

SKL Specification DTD

32 bit 400 MHz (300 MHz) Processor 8088(4 KHz)

3.5” Color Display Display 2 lines 24 characters

64 Mg Ram, 64 (32) Mg Flash Mem Storage 512Kb Ram, 256Kb Flash Mem

6 pin RS-232 & 2 Mini USB Interface 6 Pin RS-232

Rechargeable Battery Packs Power 9 volt or 3 ea 2/3A batteries

Key Storage

TEK,KEK 500,000 Traditional 1,000 TEK/KEK

FFK 5,000-8,000 Modern 10-16 FFK

(plus/minus10%)

AN/PYQ-10 (C) AN/CYZ-10

(SDS information)

9

Army Key Management

System (AKMS)

Controls

10

KOV Light

Inductive Stylus Holder

Zeroize Button

Fill Port

Power Button

CIK Access

Inductive Stylus

Brightness Controls

5-Way Control Buttons(Mouse Mode)

4 General Purpose Buttons

ADT SCREEN

Controls

11

1. Open and Close Start Menu2. Open Selected Application (UAS)3. Night Vision Goggle Mode4. Activates 5 Way Direction Buttons

– Mini- A (TOP, read only)

• CIK (one per SKL)• Insert and remove CIK only

while turned off

Controls

SKL0N386180-1

D345.686

PAT. NO.

RDa aT Key

– Mini- B(BOTTOM,

disabled) • 2 - USB ports

Battery

13

Battery

• Battery Indicator– Green 100% - 41%– Amber 40% - 11%– Red 10% - 0%

• At 2% Pop up every 30 seconds

• At 1% the SKL will automatically shutdown

• High Capacity: 60 hrs Standard Capacity: 33hrs

• AA Battery Pack: 20 hrs• Recharges <2 hrs

14

Questions

Q: At what percentage will the SKL automatically turn off?

A: 1%

15

10 MINUTE BREAK

16

Power On - Initialization

17

Initial SSO Login

18Active Program ICON

Initial SSO Login

19

Initial SSO Login

20

Initial SSO Login

21

Initial SSO Login

22

Re-initialize

NSA Doctrine, Interim Operational Security Doctrine (IDOC) 007-04 Jul 05

• Upon CIK initialization – LKEK - Local Key Encryption Key– HDPK - Host Data Protection Key

• CIK must be re-initialized annually

23

NSA Doctrine, Interim Operational Security Doctrine (IDOC) 007-04

• 14. (U//FOUO) Local Key Encryption Key (LKEK) and the Host Data Protection Key (HDPK) - The CIK contains two split keys created upon CIK initialization. These keys perform the encryption and decryption for the SDS/SKL. The split keys are the Local Key Encryption Key (LKEK) and the Host Data Protection Key (HDPK). The LKEK is used for the encryption/decryption of keying material, while the HDPK is used for the encryption/decryption of any information or data that a user may need protected by the SDS/SKL.

• a. (U//FOUO) Self-initialization – The SDS/SKL generates a Unique LKEK and HDPK. During initialization, only the splits for the keys are stored on the CIK.

• b. (U/FOUO) Re-Initializing – When re-initializing the CIK to create a new LKEK and HDPK, the keys previously protected by that CIK are unrecoverable unless they have first been moved to another device.

• c. (U//FOUO) Cryptoperiod – The LKEK and HDPK have a cryptoperiod of one year and must be superseded at that time. This can be accomplished by re-initializing the SDS/SKL and its associated CIK yearly.

Calibrate Procedure

25

Program Switching ICONActive Program ICON

Calibrate Stylus

26

Set Card Clock/Date

27

Set date first then timePer QRG and TM

Tools – SSO – Set Card Time/Date

Set Card Clock/Date

28

Tap on month Tap on year

Get Card Clock/Date

29

Yes will set Host to match KOV-21 time

No will display KOV-21 time

When loading time comes from Host, Audit trail uses KOV-21 time

Tools – User - Get Card Time/Date

Questions

• Who can set the KOV-21 time and date?

SSO

• How often does the SKL need re-initialized?

Annually

30

5 MINUTE BREAK

31

User Application Software

• Logging into UAS• SOI Tab • Platform Tab• Equipment Tab• Key Tab

32

User Application Software (UAS)

33

User Application Software (UAS)

34

35

Platforms Equipment

Keys SOI

36

Keys Tab• KEY:

Defines the actual Short Title that is resident on the equipment

• Key Management– View key attributes– Delete keys segments– Delete expired keys – Create key tags

• Loading of single or multiple COMSEC keys

37

Equipment Tab• Equipment:

Defines the actual hardware that is resident on the platform such as: – SINCGARS RADIO– PSC-5C– ARC-220– KY-68 phone– KG-175

• Equipment Management– Add/Edit/Delete/Keys and

EP Data

• Loading of Single or Multiple Fill Locations

38

Platform Tab

• Platform:An assemblage with logical grouping of radios and/or COMSEC equipment such as: – HMMV– SHELTER– BDE TOC– APACHE Helicopter

• Platform Management– Add/Edit/Delete

• Sequential Loading of Multiple assigned equipment

SOI Tab

39

• Signal Operating Instructions

• Displays the selected SOI Edition along with Pyro and Smoke data. It will also display any Quick Reference entries.

Key Knowledge

40

Basic Key Break down:

USED ETD 01 5AT068

US: Release prefix “US” constitutes Non releasable to foreign nationals.ED: Functional Relationships “ED” indicates Electronic Distribution.

ETD: Indicates if it is a training or operationalKey.

01 is the numerical sequence this key was Generated.

5AT068: Indicates the COMSEC Account that Generated The key.

Key Knowledge

Short Title

Edition

Key

Keys Tab

42

• KEY TAG - Key variable is needed

• YELLOW KEY - Key variable stored

• EXPIRED TAG - Segment date has expired

• RED KEY - Key variable date has expired

View Key Information

43

Delete Selected Segments

44

Destroy Expired Keys

45View – Key – Expired Keys

Destroy Expired Keys

46

FM LOADSET BREAKDOWN

FRKSSINGARS

LOADSETS ARE GENERATED BY THE UNITS FREQUENCY MANAGER ON THE ACES/JACSSYSTEM. WITH LIMITED USER INTERACTION.

A LOADSET CONSISTS OF 6 ESETS, TSK, 6 CRYPTO-VARIABLE KEYS. THE CRYPTO-VARIABLE KEYS ARE GENERATED BY THE UNITS COMSEC CUSTODIAN.

THE LOADSET IS COMMONLY LOCATED UNDERTHE PLATs TAB.

Associating Crypto Key(s)to a LOADSET

-FRKS -SINCGARS - C1

- USED 1 TEK - AB -1 - C6 -USED 2 KEK

-AB -1

- H0 - H1 - H2 - H3 - H4 - H5

Assign Key to LOADSET

49

Assign Key to LOADSET

50

LUNCH BREAK

51

Add Equipment

52

Assign Key to Equipment

53

Add Platform

54

Platform Tab

-Add Platform

-Other options- Delete Platform- Edit Platform

Add Platform

55

Bussed – The SKL will be connected to a Fill Port that is in the Platform but not part of the equipment.

Non-Bussed – The SKL will be connected to equipment Fill Port and no Fill Location wakeup or handshake is required.

CMD VEH

Assign Equipment to Platform

56

Assign Equipment to Platform

57

Questions

• Can a key tag be assigned to a piece of equipment?

Yes

• Can you assign multiple pieces of equipment to one platform?

• Yes

58

TRANSFERING DATABASE SKL TO

SKL• From the Core Library desktop select File from the menu bar at the top of the screen.

• Select Transmit • Select Database• On the Database Transmit Wizard screen you can

select to transmit ALL or Part of a database. Select All

• Under Transfer Mode Screen Select SKL• Select Next• SKL will instruct to press transmit to transmit

database(s) selected. BEFORE YOU PRESS TRANSMIT Set up Receiving SKL.

• Press Transmit SKL will build databases and begin to send data automatically.

• Operation Successful dialog box will display when SKL is finished sending.

• Select OK. SKL will return to the UAS desktop.• Disconnect SKLs.

• From the Core Library desktop select File from the menu bar at the top of the screen.

• Select Receive• Select Database• On the Receive Database Screen Select Source :

SKL• Profile box will instruct you to connect SKL to SKL. • Select Receive• SKL will display Status Screen you will see the

information being transferred in.• When the Database is received a Save Database

now? dialog box will popup. Select Yes.• SKL will save database and will display a Operation

Successful dialog box when completed.• Select OK. SKL will return to the Received

Database screen. If you do not need any more data select Close.

• SKL will return to the UAS desktop and you will see the new Database.

Receive Database

60

Transmit Database

61

Transmit Database

62

Transmit Database

63

COMSEC PROCEDURES FOR LOADING RTs WITH THE SIMPLE KEY LOADER (SKL)

TURN ON SKL Double Click ON CORE LIBRARYLOG IN USING LOG IN AND PASSWORDSELECT LAUNCH FROM THE TOOL BAR CLICK OK ON SKL

PLEASE WAIT CHECKING AND DECRYPTING DATA BASE IN PROGRESS

CLICK OK ON THE START UP INFORMTIONSELECT THE PLATS(PLATFORM) TAB (YOU WILL FIND THE APPROPRATE LOADSET HERE)HIGHLIGHT THE LOADSET YOU WISH TO TRANSMIT.IN THE UPPER RIGHT HAND CORNER DC ON THE LOAD ICON

GATHERING DATASINCGARS MODE SELECT TRANSFER TYPE

ICOM***Place a check in the block for send time.****

SELECT OKLOAD ECU WIZARD SCREEN IS DISPLAYEDVERIFY EQUIPMENT IS RIGHT SELECT NEXTFOLLOW THE INSTRUCTIONS ON THE SCREEN (THIS PRETAINS TO THE RT)

CONNECT CABLE TO THE AUD/FILL PORTSET FUNCT SWITCH TO LDSET COMSEC SWITCH TO FHSET CHAN TO MANDEPRESS TWICE HANDSET TO CLEAR ALARM (THIS WILL NOT BE NESSESSARY WHEN USING ASIP)

SELECT SEND WHEN YOU HAVE COMPLETED THE SCREENSCREEN DISPLAYS PRESS LOAD (PRESS LOAD ON RT)Transfer successful (RT will display done)

COMSEC PROCEDURES FOR LOADING DAGR

WITH THE SIMPLE KEY LOADER (SKL)

SKLHOOK CABLE FROM DAGR TO SKLGO TO FILETRANSMITLOAD SELECTED KEYSPLACE CHECKS NEXT TO USKAD 103040 AND USKAD 101040HIGHLIGHT USKAD 103040 USING “UP” BUTTON MOVE 103040 ABOVE 101040 THIS ENSURES PROPER LOADING OF KEYS. BEFORE SELECTING OK DOUBLE CHECK TO MAKE SURE THAT KEYS 103040 AND 101040 STILL ARE SELECTED. SELECT OK, PROTOCOL IS DS 102,ACTIVATE MODE IS KYK-13SELECT OKTRANSMIT ONE KEYONCE TRANSMITTED SKL WILL REPEAT PRIOR STEPS FOR SECOND KEY.

DGRCONNECT FILL CABLE TO J1START UPMAIN MENUCOMMUNICATION CRYPTOFILLHIGHLIGHT DS 101 ENTERENTER TO CHANGE TO DS 102ENTER WAIT

10 Minute BREAK

66

Audit Trail

• When the Audit Trail was initialized• When accounts are created/deleted• When accounts are logged on/off• Any unsuccessful logon attempts• When an account password is changed• When and what key was received• What device was used to receive the key• When and what key was transmitted• When a key file was transmitted• When a key was zeroized• When the KOV-21 INFOSEC card was zeroized• When and what kind of device the SKL was connected to.• When the date and time were changed• Any alarm codes

67

Audit Trail

68

Must be logged in as SSO to performany Audit Functions

Tools - SSO - Audit Functions

Audit Trail

69

Audit Trail / Summary Status

70

Audit Trail / Summary Status

71

Audit Trail

• IDOC 007-04, 22 (U) Audits– “Audit information must be uploaded and reviewed, at a

minimum, on a semi-annual basis.”

• IDOC 007-04 22.d (U/FOUO) Deleting– After any audit data has been uploaded or physically recorded,

the SSO shall delete the existing audit data from the SDS/SKL

• TB 380-41, 6.16.2 a (U) Electronic Key Destruction– 100% accountability from generation until destruction,

Custodians and users must document a positive and uninterrupted audit trail.

– 6.16.2.a.3. “…any uploaded DTD Audit Trails will be maintained in desktop folders as supporting documentation”

72

Power Down

73

Logout

• Logout

• Wait for the green KOV-21 light to turn off

74

KOV Light

Power Down

75

Questions

• What is the order to Power Down?• Exit UAS, Logout, Power Button

76

79

● Warranty Service Contract

● CSLA Item Manager: Kim Dorman

Commercial: 520-538-8342

DSN: 879-8342

Email: kim.dorman@us.army.mil

Warranty Information

Questions?

80