Simple Key Loader (SKL)

AN/PYQ-10 (C)
 AGENDA
• INTRODUCTION/CHARACTERISTICS

• PHYSICAL FEATURES AND CONTROLS

• CALIBRATE/ SET DATE AND TIME

• LOG IN PROCEDURES

• USER APPLICATION SOFTWARE FAMILIARIZATION

• BASIC KEY/LOADSET BREAKDOWN

• ADD EQUIPMENT/ CREATE AND ADD PLATFORM

• TRANSFER/RECIEVE DATABASE FROM SKL TO SKL

• LOAD ASIP RADIO/ LOAD DAGR(SINGLE KEY)

• AUDIT FUNCTION FAMILIARIZATION

• PROPER SHUT DOWN PROCEDURE

• EMERGANCY DISTRUCTION

2
 Safety Considerations

THIS LESSON CONTAINS

NO SAFETY CAUTIONS

3
 References

• TM 11-5810-410-13&P, 1 July 2007

– Operator’s and Field Maintenance Manual

• Quick Reference Guide, 1 NOV 08

– Simple Key Loader, AN/PYQ-10(C)

• CSLA,
– SKL Training Material and Practical Exercise

• Communication Support Services, INC

– SKL User Application Software v3.3 Training Material
– SKL Practical Exercise

• NSA Doctrine, Interim Operational Security Doctrine

(IDOC) 007-04 Jul 05

4
 CLASSIFICATION

THIS COURSE IS
FOR OFFICIAL USE ONLY

ADDITIONALLY, THIS COURSE

IS NOT RELEASABLE TO
MILITARYSTUDENTS FROM
FOREIGN COUNTRIES
IAW DA PAM 25-380-2

5
 Introduction
• Ruggedized Handheld Personal Digital Assistant (PDA)

• The Simple Key Loader (SKL) is the replacement for the Data Transfer
Device (DTD)

• Interfaces to Local Management Device/Key Processor (LMD/KP),

Automated Communications Engineering Software (ACES), DMD, CT3
DTDs

• Handles, Views, Stores and Loads SOI, Key, Electronic Protection (EP) Data

• The SKL is a Controlled Cryptographic Item (CCI) because of the KOV-21

Information Security (INFOSEC) card imbedded in it.

• Authorized up to TS key and Secret Data (SOI)

6
 SKL vs. DTD
(Data Transfer Device)
AN/PYQ-10 (C) AN/CYZ-10

SKL Specification DTD

32 bit 400 MHz (300 MHz) Processor 8088(4
KHz)
3.5” Color Display Display 2 lines 24 characters
64 Mg Ram, 64 (32) Mg Flash Mem Storage 512Kb Ram, 256Kb Flash
Mem
6 pin RS-232 & 2 Mini USB Interface 6 Pin
RS-232
Rechargeable Battery Packs Power 9 volt or 3 ea 2/3A
batteries
Key Storage
TEK,KEK 500,000 Traditional 1,000 TEK/KEK
FFK 5,000-8,000 Modern 10-16 FFK
(SDS information)
(plus/minus10%)
 Army Key
Management
System
(AKMS) 9
 Controls
Fill Port
KOV Light
Zeroize Button

Power Button

Inductive Stylus
Holder Inductive Stylus

ADT SCREEN

4 General Purpose Buttons

CIK Access
5-Way Control
Buttons
(Mouse Mode)
Brightness Controls
10
 Controls

1. Open and Close Start Menu

2. Open Selected Application (UAS)
3. Night Vision Goggle Mode
4. Activates 5 Way Direction Buttons

11
 Controls
– Mini- B
(BOTTOM,
disabled) • 2 - USB ports

– Mini- A
(TOP, read only)

PAT.
D a Ta
D345.686
NO.
K ey R • CIK (one per SKL)
0N386180-1

SKL • Insert and remove CIK only

while turned off
Battery

13
 Battery

• Battery Indicator
– Green 100% - 41%
– Amber 40% - 11%
– Red 10% - 0%
• At 2% Pop up every 30
seconds
• At 1% the SKL will
automatically shutdown
• High Capacity: 60 hrs
Standard Capacity: 33hrs
• AA Battery Pack: 20 hrs
• Recharges <2 hrs

14
 Questions

Q: At what percentage will the SKL

automatically turn off?

A: 1%

15
10 MINUTE BREAK

16
Power On - Initialization

17
 Initial SSO Login

Active Program ICON

18
Initial SSO Login

19
Initial SSO Login

20
Initial SSO Login

21
Initial SSO Login

22
 Re-initialize

NSA Doctrine, Interim Operational Security

Doctrine (IDOC) 007-04 Jul 05

• Upon CIK initialization

– LKEK - Local Key Encryption Key
– HDPK - Host Data Protection Key

• CIK must be re-initialized annually

23
 NSA Doctrine, Interim Operational Security Doctrine
(IDOC) 007-04

• 14. (U//FOUO) Local Key Encryption Key (LKEK) and the Host
Data Protection Key (HDPK) - The CIK contains two split keys
created upon CIK initialization. These keys perform the encryption
and decryption for the SDS/SKL. The split keys are the Local Key
Encryption Key (LKEK) and the Host Data Protection Key (HDPK).
The LKEK is used for the encryption/decryption of keying material,
while the HDPK is used for the encryption/decryption of any
information or data that a user may need protected by the SDS/SKL.
• a. (U//FOUO) Self-initialization – The
SDS/SKL generates a Unique LKEK and HDPK. During
initialization, only the splits for the keys are stored on the CIK.
• b. (U/FOUO) Re-Initializing – When re-
initializing the CIK to create a new LKEK and HDPK, the keys
previously protected by that CIK are unrecoverable unless they
have first been moved to another device.
• c. (U//FOUO) Cryptoperiod – The LKEK and
HDPK have a cryptoperiod of one year and must be superseded at
that time. This can be accomplished by re-initializing the SDS/SKL
and its associated CIK yearly.
 Calibrate Procedure

Active Program ICON Program Switching ICON

25
Calibrate Stylus

26
 Set Card Clock/Date

Set date first then time

Per QRG and TM

Tools – SSO – Set Card Time/Date

27
 Set Card Clock/Date

Tap on month Tap on year

28
Get Card Clock/Date

Tools – User - Get Card Time/Date

Yes will set Host to match KOV-21 time

No will display KOV-21 time

When loading time comes from Host,

Audit trail uses KOV-21 time

29
 Questions

• Who can set the KOV-21 time and date?

SSO

• How often does the SKL need re-initialized?

Annually

30
5 MINUTE BREAK

31
 User Application Software

• Logging into UAS

• SOI Tab
• Platform Tab
• Equipment Tab
• Key Tab

32
User Application
Software (UAS)

33
User Application
Software (UAS)

34
Platforms Equipment

Keys SOI

35
Keys Tab
• KEY:
Defines the actual Short
Title that is resident on the
equipment
• Key Management
– View key attributes
– Delete keys segments
– Delete expired keys
– Create key tags
• Loading of single or
multiple COMSEC keys

36
Equipment Tab
• Equipment:
Defines the actual hardware
that is resident on the platform
such as:
– SINCGARS RADIO
– PSC-5C
– ARC-220
– KY-68 phone
– KG-175
• Equipment Management
– Add/Edit/Delete/Keys and
EP Data
• Loading of Single or
Multiple Fill Locations
37
Platform Tab
• Platform:
An assemblage with logical
grouping of radios and/or
COMSEC equipment such as:

– HMMV
– SHELTER
– BDE TOC
– APACHE Helicopter
• Platform Management
– Add/Edit/Delete

• Sequential Loading of Multiple

assigned equipment

38
SOI Tab

• Signal Operating Instructions

• Displays the selected SOI

Edition along with Pyro and
Smoke data. It will also display
any Quick Reference entries.

39
 Key Knowledge

Basic Key Break down:

USED ETD 01 5AT068

US: Release prefix “US” constitutes

Non releasable to foreign nationals.
ED: Functional Relationships “ED” indicates
Electronic Distribution.

ETD: Indicates if it is a training or operational

Key.

01 is the numerical sequence this key was

Generated.

5AT068: Indicates the COMSEC Account that

Generated The key.

40
 Key Knowledge

Short Title

Edition

Key
 Keys Tab

• KEY TAG - Key variable is needed

• YELLOW KEY - Key variable stored

• EXPIRED TAG - Segment date has expired

• RED KEY - Key variable date has expired

42
View Key Information

43
Delete Selected Segments

44
 Destroy Expired Keys

View – Key – Expired Keys

45
Destroy Expired Keys

46
 FM LOADSET BREAKDOWN

LOADSETS ARE GENERATED BY THE UNITS

FREQUENCY MANAGER ON THE ACES/JACS
SYSTEM. WITH LIMITED USER INTERACTION.
FRKS
SINGARS A LOADSET CONSISTS OF 6 ESETS, TSK, 6 CRYP
VARIABLE KEYS.

THE CRYPTO-VARIABLE KEYS ARE GENERATED

THE UNITS COMSEC CUSTODIAN.

THE LOADSET IS COMMONLY LOCATED UNDER

THE PLATs TAB.
 Associating Crypto Key(s)
to a LOADSET

-FRKS
-SINCGARS
- C1
- USED 1 TEK
- AB
-1
- C6
-USED 2 KEK
-AB
-1
- H0
- H1
- H2
- H3
- H4
- H5
Assign Key to LOADSET

49
Assign Key to LOADSET

50
LUNCH BREAK

51
Add Equipment

52
Assign Key to Equipment

53
 Add Platform

Platform Tab

-Add Platform

-Other options
- Delete Platform
- Edit Platform

54
 Add Platform

CMD VEH
Bussed – The SKL will be connected to a
Fill Port that is in the Platform but not part
of the equipment.

Non-Bussed – The SKL will be

connected to equipment Fill Port and no
Fill Location wakeup or handshake is
required.

55
Assign Equipment to
Platform

56
Assign Equipment to
Platform

57
 Questions

• Can a key tag be assigned to a piece of

equipment?
Yes

• Can you assign multiple pieces of equipment to

one platform?
• Yes

58
 TRANSFERING
DATABASE SKL TO
•

•
SKL
From the Core Library desktop select File from the
menu bar at the top of the screen.
Select Transmit
•

•
From the Core Library desktop select File from the
menu bar at the top of the screen.
Select Receive
• Select Database • Select Database
• On the Database Transmit Wizard screen you can • On the Receive Database Screen Select Source :
select to transmit ALL or Part of a database. Select SKL
All • Profile box will instruct you to connect SKL to SKL.
• Under Transfer Mode Screen Select SKL • Select Receive
• Select Next • SKL will display Status Screen you will see the
• SKL will instruct to press transmit to transmit information being transferred in.
database(s) selected. BEFORE YOU PRESS • When the Database is received a Save Database
TRANSMIT Set up Receiving SKL. now? dialog box will popup. Select Yes.
• Press Transmit SKL will build databases and begin • SKL will save database and will display a Operation
to send data automatically. Successful dialog box when completed.
• Operation Successful dialog box will display when • Select OK. SKL will return to the Received
SKL is finished sending. Database screen. If you do not need any more data
• Select OK. SKL will return to the UAS desktop. select Close.
• Disconnect SKLs. • SKL will return to the UAS desktop and you will
see the new Database.
Receive Database

60
Transmit Database

61
Transmit Database

62
Transmit Database

63
COMSEC PROCEDURES FOR LOADING RTs
WITH THE SIMPLE KEY LOADER (SKL)
TURN ON SKL
Double Click ON CORE LIBRARY
LOG IN USING LOG IN AND PASSWORD
SELECT LAUNCH FROM THE TOOL BAR
CLICK OK ON SKL
PLEASE WAIT CHECKING AND DECRYPTING DATA BASE
IN PROGRESS
CLICK OK ON THE START UP INFORMTION
SELECT THE PLATS(PLATFORM) TAB (YOU WILL FIND THE
APPROPRATE LOADSET HERE)
HIGHLIGHT THE LOADSET YOU WISH TO TRANSMIT.
IN THE UPPER RIGHT HAND CORNER DC ON THE LOAD ICON
GATHERING DATA
SINCGARS MODE SELECT TRANSFER TYPE
ICOM
***Place a check in the block for send time.****
SELECT OK
LOAD ECU WIZARD SCREEN IS DISPLAYED
VERIFY EQUIPMENT IS RIGHT SELECT NEXT
FOLLOW THE INSTRUCTIONS ON THE SCREEN (THIS PRETAINS
TO THE RT)
CONNECT CABLE TO THE AUD/FILL PORT
SET FUNCT SWITCH TO LD
SET COMSEC SWITCH TO FH
SET CHAN TO MAN
DEPRESS TWICE HANDSET TO CLEAR ALARM (THIS WILL NOT
BE NESSESSARY WHEN USING ASIP)
SELECT SEND WHEN YOU HAVE COMPLETED THE SCREEN
SCREEN DISPLAYS PRESS LOAD (PRESS LOAD ON RT)
Transfer successful (RT will display done)
 COMSEC PROCEDURES FOR LOADING
DAGR
WITH THE SIMPLE KEY LOADER (SKL)

SKL
HOOK CABLE FROM DAGR TO SKL
GO TO FILE
TRANSMIT
LOAD SELECTED KEYS
PLACE CHECKS NEXT TO USKAD 103040
AND USKAD 101040
DGR HIGHLIGHT USKAD 103040
CONNECT FILL CABLE TO J1 USING “UP” BUTTON MOVE 103040
START UP ABOVE 101040 THIS ENSURES PROPER
MAIN MENU LOADING OF KEYS.
COMMUNICATION BEFORE SELECTING OK DOUBLE CHECK
CRYPTOFILL TO MAKE SURE THAT KEYS 103040 AND
HIGHLIGHT DS 101 ENTER 101040 STILL ARE SELECTED.
ENTER TO CHANGE TO DS 102 SELECT OK,
ENTER PROTOCOL IS DS 102,
WAIT ACTIVATE MODE IS KYK-13
SELECT OK
TRANSMIT ONE KEY
ONCE TRANSMITTED SKL WILL REPEAT
PRIOR STEPS FOR SECOND KEY.
10 Minute BREAK

66
 Audit Trail

• When the Audit Trail was initialized

• When accounts are created/deleted
• When accounts are logged on/off
• Any unsuccessful logon attempts
• When an account password is changed
• When and what key was received
• What device was used to receive the key
• When and what key was transmitted
• When a key file was transmitted
• When a key was zeroized
• When the KOV-21 INFOSEC card was zeroized
• When and what kind of device the SKL was connected to.
• When the date and time were changed
• Any alarm codes

67
 Audit Trail

Must be logged in
as SSO to perform
any Audit Functions

Tools
- SSO
- Audit Functions

68
Audit Trail

69
Audit Trail / Summary Status

70
Audit Trail / Summary Status

71
 Audit Trail

• IDOC 007-04, 22 (U) Audits

– “Audit information must be uploaded and reviewed, at a
minimum, on a semi-annual basis.”
• IDOC 007-04 22.d (U/FOUO) Deleting
– After any audit data has been uploaded or physically recorded,
the SSO shall delete the existing audit data from the SDS/SKL
• TB 380-41, 6.16.2 a (U) Electronic Key Destruction
– 100% accountability from generation until destruction,
Custodians and users must document a positive and
uninterrupted audit trail.
– 6.16.2.a.3. “…any uploaded DTD Audit Trails will be maintained
in desktop folders as supporting documentation”

72
Power Down

73
 Logout

• Logout

• Wait for the

green KOV-21
light to turn off

KOV Light

74
Power Down

75
 Questions

• What is the order to Power Down?

• Exit UAS, Logout, Power Button

76
 Warranty Information

● Warranty Service Contract

● CSLA Item Manager: Kim Dorman

Commercial: 520-538-8342
DSN: 879-8342
Email: [email protected]

79
Questions?

80