The TKMD is a low-cost small form factor Key Management Facility with the capability to support smaller tactical teams/subscribers, up to 1,500 radios (much more if several TKMDs are IP network interconnected). The TKMD is a P25 centralized or portable solution that increases efficiencies and reduces cost. Utilizing P25 Over-the-Air-Rekeying (OTAR) protocols, the TKMD can access RF Infrastructure via a direct cable (Quantar™, GTR8000™, etc.), or via IP to TIA-Standard DFSI Base Stations. The TKMD only requires the use of a laptop with a browser for initial set-up/provisioning then operates autonomously. The TKMD is highly portable, has a quick setup time, and delivers a locally controlled, fully functional Key Management Facility. This concept of operation lowers lead and preparation time for missions and eliminates the “service center” concept of key management. The TKMD also significantly reduces the management overhead of a KVL-only approach for small missions.
Centralized or Portable Management Key
The user-friendly TKMD brings the management of your P25 encryption into one central location or easily portable, making it easier to manage and update the encryption keys used across your organization. The TKMD is an ideal encryption management tool for networks that are geographically dispersed and/or have multiple terminals.
Keys
The TKMD can generate both AES-256 and DES-OFB keys using an internal Random Number Generator that is FIPS 140-2 compliant. In addition, the TKMD sends and receives AES double-encrypted Key Files to allow updates of TKMD keys remotely. New key material is automatically updated in each referenced subscriber radio key file when received.
Interfaces
The TKMD can also interface and accept key material from a KVL-3000+ Key Fill Device (KFD) as well as a KVL-4000 and other Key Fill Devices. The TKMD can also export locally generated key material to any TIA-Standard KFD device.
Support
Each TKMD stores up to keys/configuration data for up to 1,500 subscribers. The TKMD is designed as a distributed Key Management System with the TKMD located (or at least IP connected to) each OTAR Base Station. TKMDs can exchange encrypted files over an IP network to distribute subscriber radio and/or key material throughout the Key Management System.
The TKMD can also function as a server that will send the subscriber information including key material for any unknown subscriber that appears on the OTAR channel serviced by another IP network interconnected TKMD. If the local TKMD is networked with other TKMDs the ability to handle multiple subscribers is essentially unlimited.
Administrative Benefits
Secure web page supplies radio status by device or group, with visual indication of key updates, and common key references. The subscriber radio-specific information can be manually inserted from the web interface or be automatically generated from an uploaded CSV spreadsheet.
Functionality
The TKMD supports Hello, Zeroize, Keyset Change, Warm Start, Key Modify, Key Delete.
Compatibility
The TKMD has been tested successfully with nearly all Project 25 OTAR-capable radios, including Motorola XTS-5000, Motorola APX, Relm KNG, Harris, ICOM, EF Johnson. The TKMD has been extensively tested using either the Motorola Quantar/GTR-8000 or the Codan/Zetron MT-4 as a base station.
- FIPS140-2 Certified available
- ISO 9001:2015 Certified
• Tactical Key Management Device (TKMD) FIPS 140-2 Certified – Overview Brochure (2025)
• Tactical Key Management Device (TKMD) – Description (2025)
• Tactical Key Management Device (TKMD) – Web Page Description (2025)
• Tactical Key Management Device (TKMD) KFD Version – Overview Brochure (2025)