Abstract: Methods of automatically populating a secure group list in a key variable loader and of providing keys to a secure group are presented. After a user selects a secure group and encryption algorithm using inputs of the loader, the loader provides a group identifier and corresponding key for the group. The group identifier, encryption algorithm, and key are transmitted to a portable communication device over a physical connection between the two while a device identifier of the communication device is transmitted concurrently to the loader. The key variable loader automatically populates a stored list of subscribers of the group with the device identifier. When it is desired to transmit a new key to all of or fewer than all of the subscribers, one of the subscribers is connected with the loader and used to wirelessly transmit a new key to the remaining subscribers.

Abstract: Disclosed is a method for encrypted communications. A first IPsec endpoint selects a security association (SA) from a security association database (SAD) by using a selector and then extracts an indexing parameter from SA. The indexing parameter is used to determine an active key location from a key storage database (KSD). Data packets are then encrypted using a key from the active key location. The first IPsec endpoint also forms a security parameter index (SPI) in a header of the data packet by using a keyID from the active key location and transmits the encrypted data packet with the header indicating the SPI to a second IPsec endpoint.

Abstract: Key management methods and communication protocol adapted to reduce the burden placed upon a key delivery device (e.g., KVL) operator. The KVL (101, 401) receives KMM frames (800) including a target destination field (826) and a key management message field (830). Key management messages (KMMs) to be delivered to various targets are included within the key management message fields. The KVL identifies targets either from target destination identifiers in the target destination field (if the KMM is to be delivered encrypted or “black” transfer to target) or from target destination identifiers in the KMM itself (if the KMM is to delivered unencrypted or “red” transfer to target). The KVL determines candidate devices to be targets if they correspond to the target destination identifiers and if so, the KVL automatically delivers the proper key management messages to the respective targets. Key management messages are not delivered to candidate devices not determined to be targets.