The Key Processing Entity (KPE III) is a high security embedded device used for key generation, encryption and decryption. KPE III processes all crypto material within the protected crypto core.
For an overview of all provided key management services concerning generation, preparation, loading and PKI features, please refer to the Cybels Key Management Centre Defence (Cybels KMC Defence) solutions.
The KPE III stores crypto material and complements different scenarios throughout the life cycle. It provides encryption and decryption functionality for Local Management Entities (LMEs), which represent nodes of a distribution network. KPE III, the successor of KPE II, is fully backwards compatible with all functions of the KPE II. The KPE III is only sold in conjunction with the Crypto Material Distribution And Management (VESUV) system, an Electronic Key Management System (EKMS) currently used by the German Armed Forces.
The cryptographic processing is performed on the KPE III within the protected crypto core. The KPE III ensures high confidentiality of all data transmitted and at rest. The device is secured against unauthorised use through an identity management system limiting device access. The device provides three different roles for users as well as a Two-Factor Authentication (2FA) with a smart card and user password. After successful device authentication with a user-specific smart card, all device functions - limited to the user - are accessible. Removing the smart card from the KPE III immediately blocks access to the device.
The KPE III can be operated at the highest of security levels. Furthermore, the device supports bulk generation and black key single port loading when using a Key Loading Management System (KLMS) within the Cybels KMC Defence.
- Cryptographic capabilities to secure crypto variables and large data files
- Encryption capabilities between different encryption types such as internal or in transport
- Generates PTG.3-conformant random variables and key types used in Cybels KMC Defence
- Extended storage space for crypto materials such as Encryption Keys
- Performance-driven crypto core and enhanced tamper protection
- Updatable crypto algorithm suite ensuring future interoperability
- Two-Factor Authentication (2FA) with smart card and user password
- Enhanced diagnostics and maintenance reports
- External interfaces: Security token, optical interface, DS-101
- Backward compatibility (EKMS 308 Rev C, DTD II)
- Functional backward compatibility with KPE II
- Crypto material handling in accordance with EKMS 308 Rev F
Ports
- FILL port for crypto hosts
- Power supply port with 12 Volt DC 150 mA
- Smart card interface
- Optical control connector providing 1 Gbit/s LAN, LC-Connector
Human-Machine Interface (HMI)
- Simplified status display
- Battery status indicator
Performance
- 2 MB/s high speed encryption for data files
- Encryption and decryption of data files up to 100 MB
Temperature
- Operation: -20°C to +70°C
- Storage: -40°C to +70°C
Dimensions
- Height: 55 mm
- Width: 160 mm
- Depth: 270 mm
Power supply
- Six 1.5 Volt AA batteries
- Optional external power supply
Electromagnetic compatibility
- In accordance with VG-Guidelines and MIL-STD-461E
Environmental tests
- In accordance with MIL-STD-810H
- 500.6 Low pressure
- 501.7 High temperature
- 502.7 Low temperature
- 507.6 Humidity - Tested for air transportation up to 10,000 m
Classification
- NATO Cosmic Top Secret
- STRENG GEHEIM German Federal Office for Information Security (BSI)
Accredited to
- TEMPEST: SDIP 27 Level B
- COMSEC: ZDv A-960/1, BSI Grundschutz, IT-Grundschutzerweiterung Bundeswehr, VSA
Export limitations
- Controlled Cryptographic Item (CCI)
Operational security
- Removable user access token, smart card
- Role privileges (user, administrator and maintenance)
- Enhanced security measures