The AN/PYQ-10 Simple Key Loader (SKL) is a ruggedized, portable, hand-held fill device for securely receiving, storing, and transferring data between compatible cryptographic and communications equipment. The SKL was designed and built by Ralph Osterhout [citation needed] and then sold to Sierra Nevada Corporation, with software developed by Science Applications International Corporation (SAIC) under the auspices of the United States Army. It is intended to supplement and eventually replace the AN/CYZ-10 Data Transfer Device (DTD). The PYQ-10 provides all the functions currently resident in the CYZ-10 and incorporates new features that provide streamlined management of COMSEC key, Electronic Protection (EP) data, and Signal Operating Instructions (SOI). Cryptographic functions are performed by an embedded KOV-21 card developed by the National Security Agency (NSA). The AN/PYQ-10 supports both the DS-101 and DS-102 interfaces, as well as the KSD-64 Crypto Ignition Key. [1] The SKL is backward-compatible with existing End Cryptographic Units (ECU) and forward-compatible with future security equipment and systems, including NSA's Key Management Infrastructure.
Between 2005 and 2007, the U.S. Army budget included funds for over 24,000 SKL units. The estimated price for FY07 was $1708 each. When released in May 2005, the price was $1695 each. This price includes the unit and the internal encryptor card. [2]
Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients.
A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryptographic processors that output decrypted data onto a bus in a secure environment, a secure cryptoprocessor does not output decrypted data or decrypted program instructions in an environment where security cannot always be maintained.
ISO/IEC 7816 is an international standard related to electronic identification cards with contacts, especially smart cards, and more recently, contactless mobile devices, managed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.
There are a number of standards related to cryptography. Standard algorithms and protocols provide a focus for study; standards for popular applications attract a large amount of cryptanalysis.
STU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user. When a call is placed to another STU-III unit that is properly set up, one caller can ask the other to initiate secure transmission. They then press a button on their telephones and, after a 15-second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contained an internal modem and RS-232 port for data and fax transmission. Vendors were AT&T, RCA and Motorola.
Fortezza is an information security system that uses the Fortezza Crypto Card, a PC Card-based security token. It was developed for the U.S. government's Clipper chip project and has been used by the U.S. Government in various applications.
The National Security Agency took over responsibility for all US government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems has become known, and its most modern systems share at least some features with commercial products.
The Electronic Key Management System (EKMS) is a United States National Security Agency-led program responsible for Communications Security (COMSEC) key management, accounting, and distribution. Specifically, EKMS generates and distributes electronic key material for all NSA encryption systems whose keys are loaded using standard fill devices, and directs the distribution of NSA-produced key material. Additionally, EKMS performs account registration, privilege management, ordering, distribution, and accounting to direct the management and distribution of physical COMSEC material for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.
The KOV-14 Fortezza Plus is a US National Security Agency-approved PC card which provides encryption functions and key storage to Secure Terminal Equipment and other devices. It is a tamper-resistant module based on the Mykotronx Krypton chip, including all of the cryptographic functionality of the original Fortezza card plus the Type 1 algorithms/protocols BATON and Firefly, the SDNS signature algorithm, and the STU-III protocol. It was developed by Mykotronx as part of the NSA's MISSI program. As of 2008, the KOV-14 is beginning to be phased out and replaced by the backwards-compatible KSV-21 PC card.
This glossary lists types of keys as the term is used in cryptography, as opposed to door locks. Terms that are primarily used by the U.S. National Security Agency are marked (NSA). For classification of keys according to their usage see cryptographic key types.
The Microsoft Windows platform-specific Cryptographic Application Programming Interface is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. It is a set of dynamically linked libraries that provides an abstraction layer which isolates programmers from the code used to encrypt the data. The Crypto API was first introduced in Windows NT 4.0 and enhanced in subsequent versions.
A hardware security module (HSM) is a physical computing device that safeguards and manages secrets, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips.
The KYK-13 Electronic Transfer Device is a common fill device designed by the United States National Security Agency for the transfer and loading of cryptographic keys with their corresponding check word. The KYK-13 is battery powered and uses the DS-102 protocol for key transfer. Its National Stock Number is 5810-01-026-9618.
A fill device or key loader is a module used to load cryptographic keys into electronic encryption machines. Fill devices are usually hand held and electronic ones are battery operated.
The AN/PRC-152 Multiband Handheld Radio is a portable, compact, tactical software-defined combat-net radio manufactured by Harris Corporation. It is compliant without waivers to the Joint Tactical Radio System (JTRS) Software Communications Architecture (SCA). It has received NSA certification for the transmission of Top Secret data.
The AN/PRC-117 translates to "Army/Navy, Portable, Radio, Communication". It is a man-portable, tactical software-defined combat-net radio, manufactured by Harris Corporation, in two different versions:
The KOV-21 is a cryptographic PC card module developed under the auspices of the U.S. National Security Agency and manufactured by Sypris Electronics LLC. It is intended to be the cryptographic engine for next-generation key management devices, such as the AN/PYQ-10 key loader, as part of the U.S. Government's Cryptographic Modernization Initiative. Sypris was awarded a contract for production of KOV-21 units in November 2007.
The KIK-30 "Really Simple Key loader" (RASKL) is a fill device made by Sypris Electronics and approved by the US National Security Agency for the distribution of NSA Type 1 cryptographic keys. It can also store and transfer related communications security material, including control data for frequency hopping radios, such as SINCGARS and Have Quick. It can store up to 40 cryptographic keys and has male and female U-229 connectors for the NSA DS-101 and DS-102 fill protocols, allowing it to be plugged into most other NSA fill devices and EKMS equipment. It is 6.14 inches long, weighs less than one pound and is powered by four AAA batteries. The operator interface has an 8-line, 20-character display and 6 buttons, with what Sypris calls "1-button key squirt" and 2-button zeroize.
NESTOR was a family of compatible, tactical, wideband secure voice systems developed by the U.S. National Security Agency and widely deployed during the Vietnam War through the late Cold War period of the 1980s. NESTOR consists of three systems. The KY-8 was used in vehicular and afloat applications; the KY-28 was the airborne version; and the KY-38 was the portable or man-pack model. About 30,000 NESTOR equipments were produced prior to their replacement by the VINSON secure voice family.