Simple Key Loader SKL ANPYQ10 C AGENDA INTRODUCTIONCHARACTERISTICS

Simple Key Loader (SKL) AN/PYQ-10 (C)

AGENDA • INTRODUCTION/CHARACTERISTICS • PHYSICAL FEATURES AND CONTROLS • CALIBRATE/ SET DATE AND TIME • LOG IN PROCEDURES • USER APPLICATION SOFTWARE FAMILIARIZATION • BASIC KEY/LOADSET BREAKDOWN • ADD EQUIPMENT/ CREATE AND ADD PLATFORM • TRANSFER/RECIEVE DATABASE FROM SKL TO SKL • LOAD ASIP RADIO/ LOAD DAGR(SINGLE KEY) • AUDIT FUNCTION FAMILIARIZATION • PROPER SHUT DOWN PROCEDURE • EMERGANCY DISTRUCTION 2

Safety Considerations THIS LESSON CONTAINS NO SAFETY CAUTIONS 3

References • TM 11 -5810 -410 -13&P, 1 July 2007 – Operator’s and Field Maintenance Manual • Quick Reference Guide, 1 NOV 08 – Simple Key Loader, AN/PYQ-10(C) • CSLA, – SKL Training Material and Practical Exercise • Communication Support Services, INC – SKL User Application Software v 3. 3 Training Material – SKL Practical Exercise • NSA Doctrine, Interim Operational Security Doctrine (IDOC) 007 -04 Jul 05 4

CLASSIFICATION THIS COURSE IS FOR OFFICIAL USE ONLY ADDITIONALLY, THIS COURSE IS NOT RELEASABLE TO MILITARYSTUDENTS FROM FOREIGN COUNTRIES IAW DA PAM 25 -380 -2 5

Introduction • Ruggedized Handheld Personal Digital Assistant (PDA) • The Simple Key Loader (SKL) is the replacement for the Data Transfer Device (DTD) • Interfaces to Local Management Device/Key Processor (LMD/KP), Automated Communications Engineering Software (ACES), DMD, CT 3 DTDs • Handles, Views, Stores and Loads SOI, Key, Electronic Protection (EP) Data • The SKL is a Controlled Cryptographic Item (CCI) because of the KOV-21 Information Security (INFOSEC) card imbedded in it. • Authorized up to TS key and Secret Data (SOI) 6

SKL vs. DTD (Data Transfer Device) AN/PYQ-10 (C) SKL 32 bit 400 MHz (300 MHz) KHz) 3. 5” Color Display 64 Mg Ram, 64 (32) Mg Flash Mem AN/CYZ-10 Specification Processor Display Storage 6 pin RS-232 & 2 Mini USB RS-232 Interface Rechargeable Battery Packs batteries Power DTD 8088(4 2 lines 24 characters 512 Kb Ram, 256 Kb Flash 6 Pin 9 volt or 3 ea 2/3 A Key Storage TEK, KEK 500, 000 FFK 5, 000 -8, 000 (SDS information) Traditional Modern 1, 000 TEK/KEK 10 -16 FFK

Army Key Management System (AKMS) 9

Controls KOV Light Fill Port Zeroize Button Power Button Inductive Stylus Holder Inductive Stylus ADT SCREEN 4 General Purpose Buttons CIK Access 5 -Way Control Buttons (Mouse Mode) Brightness Controls 10

Controls 1. 2. 3. 4. Open and Close Start Menu Open Selected Application (UAS) Night Vision Goggle Mode Activates 5 Way Direction Buttons 11

Controls – Mini- B (BOTTOM, disabled) • 2 - USB ports – Mini- A (TOP, read only) PAT. D a Ta D 345. 686 0 N 386180 -1 SKL NO. K ey R • CIK (one per SKL) • Insert and remove CIK only while turned off 12

Battery 13

Battery • Battery Indicator – Green 100% - 41% – Amber 40% - 11% – Red 10% - 0% • At 2% Pop up every 30 seconds • At 1% the SKL will automatically shutdown • High Capacity: 60 hrs Standard Capacity: 33 hrs • AA Battery Pack: 20 hrs • Recharges <2 hrs 14

Questions Q: At what percentage will the SKL automatically turn off? A: 1% 15

10 MINUTE BREAK 16

Power On - Initialization 17

Initial SSO Login Active Program ICON 18

Initial SSO Login 19

Initial SSO Login 20

Initial SSO Login 21

Initial SSO Login 22

Re-initialize NSA Doctrine, Interim Operational Security Doctrine (IDOC) 007 -04 Jul 05 • Upon CIK initialization – LKEK - Local Key Encryption Key – HDPK - Host Data Protection Key • CIK must be re-initialized annually 23

NSA Doctrine, Interim Operational Security Doctrine (IDOC) 007 -04 (U//FOUO) Local Key Encryption Key (LKEK) and the Host • 14. Data Protection Key (HDPK) - The CIK contains two split keys created upon CIK initialization. These keys perform the encryption and decryption for the SDS/SKL. The split keys are the Local Key Encryption Key (LKEK) and the Host Data Protection Key (HDPK). The LKEK is used for the encryption/decryption of keying material, while the HDPK is used for the encryption/decryption of any information or data that a user may need protected by the SDS/SKL. • a. (U//FOUO) Self-initialization – The SDS/SKL generates a Unique LKEK and HDPK. During initialization, only the splits for the keys are stored on the CIK. • b. (U/FOUO) Re-Initializing – When re-initializing the CIK to create a new LKEK and HDPK, the keys previously protected by that CIK are unrecoverable unless they have first been moved to another device. • c. (U//FOUO) Cryptoperiod – The LKEK and HDPK have a cryptoperiod of one year and must be superseded at that time. This can be accomplished by re-initializing the SDS/SKL and its associated CIK yearly. 24

Calibrate Procedure Active Program ICON Program Switching ICON 25

Calibrate Stylus 26

Set Card Clock/Date Set date first then time Per QRG and TM Tools – SSO – Set Card Time/Date 27

Set Card Clock/Date Tap on month Tap on year 28

Get Card Clock/Date Tools – User - Get Card Time/Date Yes will set Host to match KOV-21 time No will display KOV-21 time When loading time comes from Host, Audit trail uses KOV-21 time 29

Questions • Who can set the KOV-21 time and date? SSO • How often does the SKL need re-initialized? Annually 30

5 MINUTE BREAK 31

User Application Software • • • Logging into UAS SOI Tab Platform Tab Equipment Tab Key Tab 32

User Application Software (UAS) 33

User Application Software (UAS) 34

Platforms Equipment Keys SOI 35

Keys Tab • KEY: Defines the actual Short Title that is resident on the equipment • Key Management – – View key attributes Delete keys segments Delete expired keys Create key tags • Loading of single or multiple COMSEC keys 36

Equipment Tab • Equipment: Defines the actual hardware that is resident on the platform such as: – SINCGARS RADIO – PSC-5 C – ARC-220 – KY-68 phone – KG-175 • Equipment Management – Add/Edit/Delete/Keys and EP Data • Loading of Single or Multiple Fill Locations 37

Platform Tab • Platform: An assemblage with logical grouping of radios and/or COMSEC equipment such as: – – HMMV SHELTER BDE TOC APACHE Helicopter • Platform Management – Add/Edit/Delete • Sequential Loading of Multiple assigned equipment 38

SOI Tab • Signal Operating Instructions • Displays the selected SOI Edition along with Pyro and Smoke data. It will also display any Quick Reference entries. 39

Key Knowledge Basic Key Break down: USED ETD 01 5 AT 068 US: Release prefix “US” constitutes Non releasable to foreign nationals. ED: Functional Relationships “ED” indicates Electronic Distribution. ETD: Indicates if it is a training or operational Key. 01 is the numerical sequence this key was Generated. 5 AT 068: Indicates the COMSEC Account that Generated The key. 40

Key Knowledge Short Title Edition Key 41

Keys Tab • KEY TAG - Key variable is needed • YELLOW KEY - Key variable stored • EXPIRED TAG - Segment date has expired • RED KEY - Key variable date has expired 42

View Key Information 43

Delete Selected Segments 44

Destroy Expired Keys View – Key – Expired Keys 45

Destroy Expired Keys 46

FM LOADSET BREAKDOWN LOADSETS ARE GENERATED BY THE UNIT FREQUENCY MANAGER ON THE ACES/JAC SYSTEM. WITH LIMITED USER INTERACTIO FRKS SINGARS A LOADSET CONSISTS OF 6 ESETS, TSK, 6 VARIABLE KEYS. THE CRYPTO-VARIABLE KEYS ARE GENER THE UNITS COMSEC CUSTODIAN. THE LOADSET IS COMMONLY LOCATED UN THE PLATs TAB. 47

Associating Crypto Key(s) to a LOADSET -FRKS -SINCGARS - C 1 - USED 1 TEK - AB -1 - C 6 -USED 2 KEK -AB -1 - H 0 - H 1 - H 2 - H 3 - H 4 - H 5 48

Assign Key to LOADSET 49

Assign Key to LOADSET 50

LUNCH BREAK 51

Add Equipment 52

Assign Key to Equipment 53

Add Platform Tab -Add Platform -Other options -Delete Platform -Edit Platform 54

Add Platform CMD VEH Bussed – The SKL will be connected to a Fill Port that is in the Platform but not part of the equipment. Non-Bussed – The SKL will be connected to equipment Fill Port and no Fill Location wakeup or handshake is required. 55

Assign Equipment to Platform 56

Assign Equipment to Platform 57

Questions • Can a key tag be assigned to a piece of equipment? Yes • Can you assign multiple pieces of equipment to one platform? • Yes 58

• • • TRANSFERING DATABASE SKL TO SKL From the Core Library desktop select File from the menu bar at the top of the screen. Select Transmit Select Database On the Database Transmit Wizard screen you can select to transmit ALL or Part of a database. Select All Under Transfer Mode Screen Select SKL Select Next SKL will instruct to press transmit to transmit database(s) selected. BEFORE YOU PRESS TRANSMIT Set up Receiving SKL. Press Transmit SKL will build databases and begin to send data automatically. Operation Successful dialog box will display when SKL is finished sending. Select OK. SKL will return to the UAS desktop. Disconnect SKLs. • • • From the Core Library desktop select File from the menu bar at the top of the screen. Select Receive Select Database On the Receive Database Screen Select Source : SKL Profile box will instruct you to connect SKL to SKL. Select Receive SKL will display Status Screen you will see the information being transferred in. When the Database is received a Save Database now? dialog box will popup. Select Yes. SKL will save database and will display a Operation Successful dialog box when completed. Select OK. SKL will return to the Received Database screen. If you do not need any more data select Close. SKL will return to the UAS desktop and you will see the new Database. 59

Receive Database 60

Transmit Database 61

Transmit Database 62

Transmit Database 63

COMSEC PROCEDURES FOR LOADING RT WITH THE SIMPLE KEY LOADER (SKL) TURN ON SKL Double Click ON CORE LIBRARY LOG IN USING LOG IN AND PASSWORD SELECT LAUNCH FROM THE TOOL BAR CLICK OK ON SKL PLEASE WAIT CHECKING AND DECRYPTING DATA BASE IN PROGRESS CLICK OK ON THE START UP INFORMTION SELECT THE PLATS(PLATFORM) TAB (YOU WILL FIND THE APPROPRATE LOADSET HERE) HIGHLIGHT THE LOADSET YOU WISH TO TRANSMIT. IN THE UPPER RIGHT HAND CORNER DC ON THE LOAD ICON GATHERING DATA SINCGARS MODE SELECT TRANSFER TYPE ICOM ***Place a check in the block for send time. **** SELECT OK LOAD ECU WIZARD SCREEN IS DISPLAYED VERIFY EQUIPMENT IS RIGHT SELECT NEXT FOLLOW THE INSTRUCTIONS ON THE SCREEN (THIS PRETAINS TO THE RT) CONNECT CABLE TO THE AUD/FILL PORT SET FUNCT SWITCH TO LD SET COMSEC SWITCH TO FH SET CHAN TO MAN DEPRESS TWICE HANDSET TO CLEAR ALARM (THIS WILL NOT BE NESSESSARY WHEN USING ASIP) SELECT SEND WHEN YOU HAVE COMPLETED THE SCREEN DISPLAYS PRESS LOAD (PRESS LOAD ON RT) Transfer successful (RT will display done) 64

COMSEC PROCEDURES FOR LOADING DAGR SKL HOOK CABLE FROM DAGR TO SKL WITH THE SIMPLE KEY LOADER (SKL) GO TO FILE DGR CONNECT FILL CABLE TO J 1 START UP MAIN MENU COMMUNICATION CRYPTOFILL HIGHLIGHT DS 101 ENTER TO CHANGE TO DS 102 ENTER WAIT TRANSMIT LOAD SELECTED KEYS PLACE CHECKS NEXT TO USKAD 103040 AND USKAD 101040 HIGHLIGHT USKAD 103040 USING “UP” BUTTON MOVE 103040 ABOVE 101040 THIS ENSURES PROPER LOADING OF KEYS. BEFORE SELECTING OK DOUBLE CHECK TO MAKE SURE THAT KEYS 103040 AND 101040 STILL ARE SELECTED. SELECT OK, PROTOCOL IS DS 102, ACTIVATE MODE IS KYK-13 SELECT OK TRANSMIT ONE KEY ONCE TRANSMITTED SKL WILL REPEAT PRIOR STEPS FOR SECOND KEY. 65

10 Minute BREAK 66

Audit Trail • • • • When the Audit Trail was initialized When accounts are created/deleted When accounts are logged on/off Any unsuccessful logon attempts When an account password is changed When and what key was received What device was used to receive the key When and what key was transmitted When a key file was transmitted When a key was zeroized When the KOV-21 INFOSEC card was zeroized When and what kind of device the SKL was connected to. When the date and time were changed Any alarm codes 67

Audit Trail Must be logged in as SSO to perform any Audit Functions Tools - SSO - Audit Functions 68

Audit Trail 69

Audit Trail / Summary Status 70

Audit Trail / Summary Status 71

Audit Trail • IDOC 007 -04, 22 (U) Audits – “Audit information must be uploaded and reviewed, at a minimum, on a semi-annual basis. ” • IDOC 007 -04 22. d (U/FOUO) Deleting – After any audit data has been uploaded or physically recorded, the SSO shall delete the existing audit data from the SDS/SKL • TB 380 -41, 6. 16. 2 a (U) Electronic Key Destruction – 100% accountability from generation until destruction, Custodians and users must document a positive and uninterrupted audit trail. – 6. 16. 2. a. 3. “…any uploaded DTD Audit Trails will be maintained in desktop folders as supporting documentation” 72

Power Down 73

Logout • Wait for the green KOV-21 light to turn off KOV Light 74

Power Down 75

Questions • What is the order to Power Down? • Exit UAS, Logout, Power Button 76

Warranty Information ● Warranty Service Contract ● CSLA Item Manager: Kim Dorman Commercial: 520 -538 -8342 DSN: 879 -8342 Email: kim. dorman@us. army. mil 79

Questions? (c) Cassandra La. Beause 80