A SECURE, SCALABLE, AND PROVEN KEY MANAGEMENT SOLUTION

TETRA KEY
FEATURES:
Supported Devices
• TETRA Two-Way Radios
with OTAR

MANAGEMENT FACILITY
• TETRA Dispatch Consoles

Greater Control of Your

Operations
• Over the Air Rekeying (OTAR)
• Over the Ethernet Rekeying
(OTEK)
Cybercriminals continue to increase both their speed and sophistication of cyber attacks. • Automatic Rekey
Opportunities
You are facing both economic and technical barriers that hinder your ability to ensure • Store and Forward
• Secure User Group
secure interoperable communications. Your organization is looking for the most effective Management
and secure way to manage encryption keys across a growing number of devices within
Greater Visibility of Your
your network. You need a scalable, easy to deploy platform that provides greater visibility, Devices
• KMF Hello
allows for more control, and delivers enhanced security enabling you to respond faster, • Group Key Currency
minimize risks, and stay ahead of cyber attacks.
SYSTEM COMPONENTS
INCLUDE:
The TETRA Key Management Facility (KMF) provides or administrative costs of having users bring their • Windows Server ®
a robust and feature rich platform for effectively devices into the shop for manual rekeying. The KMF • KMF Server and Client
Software
managing secure interoperable communications across gives you greater visibility and control of your deployed
• Windows ® Client
all of your security enabled devices including TETRA devices, so you can respond faster to changes in your • KMF CRYPTR
two-way radios and dispatch consoles. The KMF environment and minimize the risk of compromising
removes the inherent complexity out of administrating sensitive information. With the ability to generate,
and managing encryption keys. Keep your voice and load, and delete keys on-demand via an intuitive
data communications secure with encryption keys that interface you can stay ahead of your adversaries and
update over-the-air without the delays, inconvenience better insulate yourself from attacks.

DATA SHEET | TETRA KEY MANAGEMENT FACILITY

HIGH ASSURANCE KEY MATERIAL STORAGE AUTOMATIC REKEY OPPORTUNITIES
All key material storage and key management messages When devices are out of OTAR range and or powered
within the system are backed by our CRYPTR hardware down automatic rekey opportunities will intelligently
security module (HSM). The CRYPTR provides an update the devices when they are back on the
attack-resistant and tamper-evident high assurance system or powered back on so devices never miss a
protection of all key material. The KMF can intelligently key update. Automatic rekey opportunities ensures
replenish encryption keys when inventories drop below your entire fleet of devices are loaded with current
the necessary volume freeing your reliance on 3rd party encryption keys.
suppliers or manual key material generation.
EXTEND THE CAPABILITY OF OTAR WITH
STORE AND FORWARD
HAVE GREATER CONTROL OF YOUR When devices are out of OTAR range but require
OPERATIONS an immediate update you can take advantage of
OVER THE AIR REKEYING (OTAR) our TETRA Key Variable Loader (KVL 4000). The
Keep your devices deployed in the field where they TETRA KVL 4000 provides a more localized tool
matter most, not in the shop. Eliminate the logistical and for key distribution. The KVL 4000 transfers key
time consuming burden of manually rekeying devices management messages to out of range devices and
on a regular basis by remotely and securely loading the acts as an intermediary between the KMF server
essential key management updates to your devices via and the device. Encryption key currency is maintained
Over-the-Air Rekeying (OTAR). With OTAR you reduce when the TETRA KVL 4000 is connected back to
the time to re-key devices and gain greater control of the KMF.
those devices by being able to update a device’s keys,
poll the device, and or erase the device’s keys. OTAR SECURE USER GROUP MANAGEMENT
simplifies the process of your key management strategy In order to effectively manage secure communications
by making it easier to frequently change encryption among user groups a Common Key Reference (CKR)
keys for a greater cyber security posture. Simplified key is utilized with the KMF. A CKR is a permanent
management with OTAR makes it easier to eliminate system-wide three-digit key reference assigned to
threats like eavesdropping, man-in-the-middle attacks, each talk group. With a CKR, an operator can visually
and impersonation. track the members of a group and their associated
encryption key. With the KMF, operators can send
OVER-THE-ETHERNET KEYING (OTEK) a new key to all members of a secure group with a
With Over-the-Ethernet Keying (OTEK) you can provide single gesture.
the same mechanisms for managing encryption keys as
OTAR with the exception that messages are delivered
over an ethernet connection. This is ideal for agencies
with infrastructure products such as dispatch positions.
OTEK eliminates the need to physically touch any of the
dispatch positions and ensures that your dispatchers
can communicate across multiple talk groups enabling
secure interoperable communications.

DATA SHEET | TETRA KEY MANAGEMENT FACILITY

HAVE GREATER VISIBILITY OF YOUR DEVICES
KMF HELLO GROUP KEY CURRENCY
With KMF Hello you can easily see whether your Group Key Currency ensures greater visibility of
devices are within range of the system network without your devices in the field and allows you to know
introducing unnecessary voice traffic. exactly which devices are not up to date with the
latest encryption key.

KEY MANAGEMENT FACILITY ECOSYSTEM

OVER THE AIR REKEYING (OTAR)

KMF CLIENT

KMF SERVER

OVER THE ETHERNET KEYING (OTEK)

KMF CRYPTR

LOCALIZED DISTRIBUTION OF KEYS

KVL 4000 KVL 4000

DATA SHEET | TETRA KEY MANAGEMENT FACILITY

KEY MANAGEMENT FACILITY SPECIFICATIONS

TETRA & SFPG FEATURES KMF CRYPTR ELECTRIAL AND PHYSICAL SPECIFICATIONS

Add, Modify, and Delete Keys Power 12VDC@ 500 mA

Zeroize Dimensions (mm) 29.5 x 92 x142

Change-Over Weight 300 g

Rekey KMF CRYPTR SECURITY AND CERTIFICATIONS

Hello Key Storage Capacity 1 Master Key per algorithm

Warm Start FCC CRF 47 Part 15 subpart B for class B equipment

AES Algorithms CE Certification EN55022: 1998

EN55024: 1998
MOTOROLA SPECIFIC FEATURES
Multiple Encryption Algorithms Supported AES 128
AES 256

PERFORMANCE AND CAPACITY

Up to 10 clients supported

For more information on how you can quickly and easily manage
encryption keys across your TETRA enabled two-way radios and
dispatch consoles visit us at www.motorolasolutions.com/tetra

MOTOROLA, MOTO, MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered
trademarks of Motorola Trademark Holdings, LLC and are used under license. All other trademarks are the
property of their respective owners. ©2016 Motorola, Inc. All rights reserved. 05-2016