The Onboard Crypto Management Unit (OCMU) is a high security embedded device used to load and distribute crypto material. OCMU can be remotely controlled by the pilot via the MIL-bus interface or with the front panel key pad.
The name OCMU refers to a range of products for onboard key management units, including the Centralized Cryptographic Management Unit (CCMU) for aircraft and the Automatic Cryptographic Variable Management Unit (ACVMU) for helicopters.
For key management services concerning generation, preparation, distribution and Public Key Infrastructures features, please refer to our Cybels Key Management Centre Defence (Cybels KMC Defence) solutions.
OCMUs allow the reception of so-called mission relevant bulk aggregated key material and data usable on land, air and naval platforms. The bulk key aggregates are generated by the Key Loading Management System (KLMS), part of Cybels KMC Defence. They are transferred to platforms using a Data Transfer Device (DTD II). OCMUs on airborne platforms are remotely controlled by the pilot via MIL-bus interfaces or controlled locally by security personnel via a front panel key pad. The Crypto Ignition Key (CIK) authorises any operation executed on the device.
The OCMUs are also protected against tampering, while keys stored on the OCMU are additionally encrypted and secured. Emergency deletion can be triggered locally by the operator, remotely by the pilot or through sensors. Security relevant events are recorded in the audit log. The red and black key separation uses galvanic and mechanic methods to separate encrypted and unencrypted key material. Firmware updates are signature protected by the German Federal Office for Information Security (BSI). Thales’ ACVMU and CCMU are approved by the BSI and the Security and Evaluation Agency (SECAN).
Ports
- FILL port for crypto hosts
- S111 port for fill devices
- Crypto Ignition Key (CIK) slot for removable user access token
- Ampenol port for crypto hosts
- Ampenol port for crypto host MIL-Bus
- Ampenol port for 28 Volt DC external power supply
Protocols
- DS-101 crypto material transfer, in accordance with EKMS 308 Rev F
- DS-102 Common Fill Device Interface (CFDI), in accordance with EKMS 308 Rev F
- RS-232 crypto host loading, in accordance with EKMS 603
Human-Machine Interface (HMI)
- Keypad: 9 keys
- Display: 2 x 16 characters
Temperature
- Operation: -20°C to +70°C
- Storage: -40°C to +70°C
Weight
2.5 kg
Dimensions
- Width: 146 mm
- Height: 95 mm
- Lenght: 198 mm without plugs
Power supply
- 28 Volt DC
Electromagnetic compatibility
- According to VG-Guidelines and MIL-STD-461E
Environmental tests
- In accordance with MIL-STD-810H
- 500.3 Low pressure
- 514.4 Vibration
- 516.4 Shock - Tested for air transportation up to 10,000 m
Classification
- NATO Cosmic Top Secret
- STRENG GEHEIM (German Federal Office for Information Security (BSI))
Accredited to
- TEMPEST: SDIP 27 Level C
- COMSEC: ZDv A-960/1, BSI-Grundschutz, IT-Grundschutzerweiterung Bundeswehr, VSA
Export limitations
- Controlled Cryptographic Item (CCI)
Operational security
- Operation restricted via connected user access token, Crypto Ignition Key (CIK) and passcode
- Tamper protection
- Manipulation detection label
- Power monitoring
- Emergency erasure (zeroization)
Crypto host compatibility
- Global Positioning System (GPS) such as Safran GPS GADIRS
- Identification Friend or Foe (IFF) such as Thales TSX 2500 Family
- Multifunctional Information Distribution System (MIDS) such as Datalink MIDS JTRS
- Radio communication such as Thales SEM93