Army key management system--update.

The Army Key Management System is a fielded system composed of three sub-systems: Local Communications Security Management Software, Automated Communications Engineering Software, and the Data Transfer Device with Common Tier 3 software. Product Manager Network Operations-Current Force has developed a DTD replacement, the Simple Key Loader, which will be fielded over a five-year plan, FY05-FY10. AKMS was fielded to the Army under the umbrella of the objective National Security Agency Electronic Key Management System. The AKMS fielding has involved several LCMS software upgrades, beginning with Release Three fielded in 1999, Phase Four in 2004, and Phase Five scheduled for implementation in 2006.

LCMS and ACES courses are two weeks in length and are available via the Army Training Requirements and Resources System. SKL training is via Interactive Multimedia Instruction, which is provided as part of the fielding package. PdM NETOPS-CF and the Signal Center Directorate of Training are scheduled to coordinate the development of an SKL POI to be integrated into the courses where DTDs are taught as a peripheral device.

Change 4 of the AKMS Operational Requirements Document dated Jan. 25, 2005, was submitted for AROC approval in January 2006. Change 4 documented the requirement to support future programs for creation, distribution, and use of black (i.e., encrypted) key for end-to-end encryption.

Department of Defense Key Management Infrastructure is a supporting infrastructure to generate, distribute and manage key products for the crypto inventory used to protect national security information. EKMS/AKMS (Local Management Device/Key Processor) will begin a transition to KMI in the fiscal year 2008 timeframe. KMI will be implemented by the steady rollout of Capability Increments, delivering time-phased CIs toward end-state IA objectives consistent with the overarching Global Information Grid and Cryptographic Modernization capability requirements.

KMI CI-2 will be the first increment in creating a single framework for modernizing and unifying the management of keys used to encode and decode information for use by the DoD in war and peacetime. This framework will not introduce single points of mission failure. KMI is a critical foundation element for ensuring an adequate security posture for national security systems by providing transparent cryptographic capabilities consistent with operational imperatives and mission environments.

The starting point for KMI CI-2 will be to leverage EKMS Phase V capabilities as a baseline. New capabilities have been identified and will aid in a transformation from the current key management infrastructure to a new paradigm for key management via net-centric operations (e.g. Over The Net Keying). As the developer of KMI, NSA is responsible for developing a KMI transition plan in partnership with the Services. The transition plan will delineate how each component in EKMS will be replaced, modified or sustained as the new capabilities of CI-2 are introduced.

In the CI-2 timeframe, EKMS Tier 2 will be replaced by the KMI Client Node. The KMI Client Node will provide all of the functional capabilities that the current LMD/KP provides (via new transport connecting to the PRSN) while adding new capability to support net-centric operations. The new KMI Client Node and associated PRSN functionality are scheduled to be delivered early in CI-2 to facilitate the transition. By delivering this capability early, the Services can migrate to KMI, removing the need to operate two workstations to sustain operations. An end of life (targeted for Full Operational Capability [FOC] of CI-2) for the LMD/KP node of EKMS is dependent on replacing the 1,400+ operational Tier 2 accounts. In CI-2, Tier 1 will continue to operate; however, as CI-2 moves from Spiral 1 to IOC, functionality of Tier 1 will be migrated to the new KMI components. Likewise, Tier 0 will continue to operate during CI-2, providing key generation support to the new KMI.

CI-2 is targeted to provide key provisioning services for networked ECUs, to include:

* Provides initial Ordering, Delivery, Accounting, etc. over the Net

* Symmetric/Asymmetric Key to IP based ECUs like HAIPE

* Converges EKMS and KMI from the ECU and End User viewpoint

* Provides Suite A & B symmetric key via KMI Client

* Builds a foundation for CI-3 to enhance networked provisioning services

In the CI-3 timeframe, the intention of the DoD Key Management Infrastructure Program Office is to discontinue the use of EKMS Tier 0 and Tier 1 operations once FOC for CI-3 is achieved (beyond FY2015).

TSM WIN-T's POC for AKMS and KMI transition questions is Al Walton. He can be reached by telephone at (706) 791-2316/DSN 780-2316 or by email at


ACES--Automated Communications Engineering Software
AKMS--Army Key Management System
CI--capability increments
COMSEC--communications security
CT3--Common Tier 3
DTD--Data Transfer Device
EKMS--Electronic Key Management System
FOC--Full Operational Capability
FY--fiscal year
KMI--Key Management Infrastructure
KP--Key Processor
LCMS--Local COMSEC Management Software
LMD--Local Management Device
NSA--National Security Agency
ORD--Operational Requirements Document
OTNK--over the net keying
PdM NETOPS-CF--Product Manager Network Operations-Current Force
SKL--simple key loader

Mr. Walton is with TSM-Win-T at Fort Gordon, Ga.
COPYRIGHT 2006 U.S. Army Signal Center
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation:TSM-WIN-T
Author:Walton, Al
Publication:Army Communicator
Date:Mar 22, 2006