Abstract: A method and apparatus for transmitting encryption keys in a secure communication system is provided herein. During rekeying of a device, a key encryption key (KEK) is utilized to wrap (encrypt) the traffic encryption key (TEK) when the KEK is available to the device. If unavailable, the TEK will be wrapped using public key encryption with the recipient device's public key. The receiving device will then be able to unwrap the TEK using public key decryption with its own private key. Because TEKs are always transmitted in a secure manner, secure and efficient rekeying of devices on foreign networks can occur.

Abstract: Application service is provided for a subscriber unit (SU), employing a first protocol, in a communication network employing a second protocol. The method includes receiving a CAI OTAR message from the SU. The CAI OTAR message includes at least a key management message (KMM) and a CAI header of the SU. The method then includes determining that the first protocol employed by the SU is different from the second protocol associated with the communication network based on the received CAI OTAR message. The method further includes creating a key management message (KMM) preamble, associated with the second protocol, based on at least one of the CAI header and configuration information of the SU, and creating a data link independent (DLI) OTAR message associated with the second protocol. The DLI OTAR message includes the received KMM.

Abstract: A method and apparatus for authenticating a key management message within a secure communication system is provided herein. During operation, a digital signature for message authentication of a Project 25 Key Management Message (KMM) is utilized. In particular, the digital signature will be used to authenticate the KMM in scenarios where there is no Message Authentication Code (MAC). The MAC will be utilized to authenticate the KMM when available. Because authentication of KMMs take place, even when no MAC is available, it becomes increasingly more difficult to tamper or spoof the delivery of encryption keys.

Abstract: A method and apparatus for transmitting encryption keys in a secure communication system is provided herein. During rekeying of a device, a key encryption key (KEK) is utilized to wrap (encrypt) the traffic encryption key (TEK) when the KEK is available to the device. If unavailable, the TEK will be wrapped using public key encryption with the recipient device's public key. The receiving device will then be able to unwrap the TEK using public key decryption with its own private key. Because TEKs are always transmitted in a secure manner, secure and efficient rekeying of devices on foreign networks can occur.

Abstract: A method and apparatus for authenticating a key management message within a secure communication system is provided herein. During operation, a digital signature for message authentication of a Project 25 Key Management Message (KMM) is utilized. In particular, the digital signature will be used to authenticate the KMM in scenarios where there is no Message Authentication Code (MAC). The MAC will be utilized to authenticate the KMM when available. Because authentication of KMMs take place, even when no MAC is available, it becomes increasingly more difficult to tamper or spoof the delivery of encryption keys.

Abstract: Application service is provided for a subscriber unit (SU), employing a first protocol, in a communication network employing a second protocol. The method includes receiving a CAI OTAR message from the SU. The CAI OTAR message includes at least a key management message (KMM) and a CAI header of the SU. The method then includes determining that the first protocol employed by the SU is different from the second protocol associated with the communication network based on the received CAI OTAR message. The method further includes creating a key management message (KMM) preamble, associated with the second protocol, based on at least one of the CAI header and configuration information of the SU, and creating a data link independent (DLI) OTAR message associated with the second protocol. The DLI OTAR message includes the received KMM.