The Black Box Key Management Equipment (BBKME II) is a high security embedded device used to transport crypto material between Ground Control Centers (GCC), Galileo Sensor Stations (GSS) and satellites. The BBKME is able to securely store and distribute black and red key data of different classifications and key lengths.

For an overview of all provided key management services related to the depicted segments, please refer to the Cybels Key Management Centre (Cybels KMC).

© Thales

The BBKME II features a secure audit function that accurately records the date and time of relevant security events. For safety reasons, the BBMKE II includes a secure emergency erase function (zeroisation).

The device can differentiate between 20 crypto operators. Furthermore, the BBKME II supports communication with Payload or Platform Security Unit (PxSU) devices, that are similarly used as a Hardware Security Module (HSM).

Thales’ BKKME is used by Galileo authorities, including the Global Navigation Satellite Systems Agency (GSA), as well as by nations and their organisations responsible for Galileo Key Management, such as the National Distribution Agencies (NDA), the Military and the National Security Agencies. In addition, it is used by companies involved in the Galileo development and operation, such as Thales Alenia Space (TAS), OHB and the German Aerospace Centre (DLR).

Main functions

  • Secure transport and management of key files and configuration files
  • External BBKME Interface for communication with Hardware Security Modules (HSMs) and PxSU devices
  • Receipt and storage of key or configuration files downloaded from the HSM and PxSU devices
  • Recording and storage of audit events in audit files
  • Upload of audit files on demand
  • Implemented set of remote commands to manage key and configuration data of the PxSU device

Interfaces

Ports

  • FILL port  for crypto hosts
  • Power supply port with 9 Volt DC 150mA
  • Crypto Ignition Key (CIK) slot for removable user access token

Protocols

  • Serial protocol
  • RS-485 64 kbps synchronous, HDLC protocol

Human-Machine Interface 

  • Keypad: 43 keys
  • Display: 6 x 20 characters

© Thales

Physical characteristics

Temperature

  • Operation: +10°C to +40°C
  • Storage: -20°C to +50°C

Weight

  • 2 kg

Dimensions

  • Height: 55 mm
  • Width: 240 mm
  • Depth: 198 mm

Power supply

  • Two 1.5 Volt C batteries
  • Optional external power supply

Electromagnetic compatibility

  • In accordance with VG-Giudelines 95353

Security characteristics

Classification

  • Without key material: RESTREINT UE/EU RESTRICTED
  • With key material and CIK up to: SECRET UE/EU SECRET

Accredited to

  • TEMPEST: SDIP 27 Level A
  • COMSEC: Common Criteria EAL 4 augmented by AVA.VAN4

Export limitations

  • Controlled Cryptographic Item

Operational security

  • Removable user access token, Crypto Ignition Key (CIK)
  • Tamper protection and detection
  • Emergency erasure (zeroization)

© Thales

 

Works with

Documents
Contact
Thales Deutschland GmbH
de-cybels-kmc@thalesgroup.com