Key management methods and communication protocol for secure communication systems

摘要

Key management methods and communication protocol adapted to reduce the burden placed upon a key delivery device (e.g., KVL) operator. The KVL (101, 401) receives KMM frames (800) including a target destination field (826) and a key management message field (830). Key management messages (KMMs) to be delivered to various targets are included within the key management message fields. The KVL identifies targets either from target destination identifiers in the target destination field (if the KMM is to be delivered encrypted or “black” transfer to target) or from target destination identifiers in the KMM itself (if the KMM is to delivered unencrypted or “red” transfer to target). The KVL determines candidate devices to be targets if they correspond to the target destination identifiers and if so, the KVL automatically delivers the proper key management messages to the respective targets. Key management messages are not delivered to candidate devices not determined to be targets. Outcomes, e.g., success or failure, of attempted deliveries of key management messages are communicated from the target devices to the KVL, and from the KVL to a key management facility (KMF). The method is useful for first-time rekeying or for ongoing rekeying.