KEYNET Optical Manager

Trusted Key and Device Management
for DSD 72B-SP SONET/SDH Encryption

TCC's DSD 72B-SP interoperable SONET/SDH encryption family (industrial, ruggedized and military variants) is centrally deployed, configured and managed by TCC's advanced online KEYNET Optical Manager for network encryption and secure communications. Multiple layers of protection secure keys at every point in their life cycle without human intervention.




KEYNET also provides user-authenticated, role-based secure device management, as well as path configuration and monitoring that supports network policies (blocked, plain, secure). With an intuitive user interface and automated polls, alarms and logs, a network expert is not needed for trusted key and device management of a large network.

KEYNET provides end-user control over secret key generation functions and ensures that all virtual container (VC) data is processed in the assigned mode (secured, plain, blocked, unequipped, etc.). It also ensures that changes to VC endpoints (container re-routings) are efficiently managed. KEYNET's auditing of individual DSD 72B-SP SONET/SDH encryption devices allows role-based, authenticated users to confirm the configuration of all DSD 72B-SP SONET/SDH encryption devices, perform remote diagnostics, and manage each device's moment-to-moment virtual, logical connections.

KEYNET: SONET/SDH encryption management screenshot


KEYNET Optical Manager comprises an MS Windows® 7-based, 19" rack-mounted personal computer (PC) and an attached TCC Security Vault. The Security Vault communicates with its PC-based Server via a dedicated IP over Ethernet connection. The PC hosts the KEYNET server application (KSA) service. A KEYNET Local Client (KLC) application is also hosted on the PC and communicates with the embedded KSA service. Using the KLC, the user logs on to and authenticates with the KSA. The Server also communicates securely with each fielded DSD 72B-SP SONET/SDH encryptor over an IP network (e.g., the Internet or a private IP data network).







SONET/SDH Encryption KEYNET Management Features

Key Management Functionality
Centrally Managed by KEYNET Optical Manager server

  • Scheduled key updates
      – Assigned optical paths
  • Whenever required (on-demand)
      – Reassignment of fiber segments
      – Reroute of Virtual Containers (VCs)
      – Restoration due to fiber outages

Device Management Functionality
Centrally Managed by KEYNET Server

  • Dynamically reassign VCs
  • Set Security Levels of Individual VCs
      – Cipher / Block / Plain / Forced Plain
      – Unassigned / Unequipped
  • Monitor critical functions
      – Per user-defined polling intervals
      – Retrieve security events (Audits)
      – Monitor device logistical status
      – Record asynchronous events / traps
  • Health of Virtual Containers
      – Section & Path overhead data
  • Inter-Device Communications Links
      – Set path overhead IDCL channel(s)

High-Level Security
Data Encryption Algorithm: AES-256

  • Trusted secret key infrastructure
  • All keys encrypted by Security Vault
  • All management messages to / from KEYNET are encrypted
  • All security relevant activities logged
  • Logs retrieved by KEYNET

Tamper-resistant enclosure

  • Keys erased when enclosure is opened

Encrypted and Authenticated Key and Device Management

KEYNET Optical Manager Specifications

Support Network Topology
  KEYNET messages sent over IP data network (e.g., Internet)
  – AES-256 encrypted device management messaging via SNMP (IPv4) MIB messages
  – AES-256 encrypted key management messaging via ANSI-defined Key Service Messages (KSMs)

Management of Two Independent Network Interfaces
  External network interface to each DSD 72B-SP device
  – Internet Protocol (IP) over Ethernet physical layer
  Security Vault interface (Server PC to Security Vault)
  – Dedicated IP over Ethernet interface

KEYNET Device Management
  Remote polling of each DSD 72B-SP Device
  – Retrieves up-to-date device status information
  – Retrieves audit reports (Security; Operations; Logistics)

KEYNET Key Management
  Initial Master Key Encrypting Key (MKEK) generation
  Manual MKEK distribution (to each DSD 72B-SP)
  Electronic distribution of required keys to each DSD 72B-SP
  – PKEK / PMAK pairs
  AES-256 MKEK-encrypted key distribution messages

KEYNET Network Management
  Virtual Container configurations (network topology set-up)
  Virtual Container rerouting (performed on-demand)
  – Sends PKEK / PMAK key pairs prior to reroute execution

KEYNET Power
  100VAC to 240VAC / 50Hz or 60Hz
  Optional Uninterruptible Power Supply (Recommended)

KEYNET Server Personal Computer
  19" Rack Mountable

Quality
TCC is dedicated to quality products and services. TCC is ISO 9001 certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality systems in design/development, production, installation and servicing.