Available versions of the DLE-7050 data encryption support a wide variety of interfaces, data rates, and communications protocols.
CEPT E1 (G.703) and ANSI T1 (T1.403) units operate as 'frame sensitive' data encryptors, encrypting only the payload data leaving frame signaling information unencrypted. This supports installations where network devices or other higher order multiplexer devices need to see unencrypted framing information.
When configured for operation with RS-232 equipment, the DLE-7050 data encryption performs as a synchronous, 'bulk' data encryptor. Operation on asynchronous RS-232 data connections is also supported where the start and stop bits are left plaintext, but the payload data is encrypted in bulk data encryption fashion. Half duplex versions of the asynchronous RS-232 DLE-7050 data encryption are also available.
The DLE-7050's rugged design allows it to be inserted into many environments where commercial grade devices would not survive. Unit set-up may be performed using an attached data terminal, or via the unit's front panel controls and liquid crystal display.
The DLE-7050 data encryption uses dual, independent, bi-directional encryption engines incorporating TCC's proprietary hardware (ASIC) based DACE Mark XII encryption algorithm. This ASIC chip delivers highly non-linear, non error propagating key generation fully supporting all of the interface options and data rates noted above..
Two menu-selectable methods of key management are supported: (a) manually distributed traffic keys (called 'Master Keys'), or (b) manually distributed key encrypting keys ('KEKs') used to encrypt locally-generated traffic keys ('Session Keys') over the established data link between two data encryptor devices. The second method is also referred to as 'Key-Auto-Key'.
The DACE Mark XII crypto engines use three different keys when encrypting or decrypting data traffic. Two are 'long term' key variables (the Family Key and the Custom Key) while the other is a 'short term' key variable. Depending on key management mode, the short term data encrypting key (DEK) is either a 'Master Key', or a unit self-generated 'Session Key'. Together they provide a total of 308-bits of key diversity.
- Master Key (or Session Key) = 180-bits
- Family Key = 64-bit
- Custom Key = 64-bits
In addition to the three keys above, a randon initialization vector (IV) is generated. After it is encrypted for transport, it is referred to as a Message Key. A new Message Key is generated each time an encryptor and its associated decryptor state machines synchronize.
Dace Mk XII Proprietary Key Stream Generator
Pre-Loaded Primary Keys (180-bits each)
- 'Master Keys' = Data Encrypting Keys
(32 Master Keys Maintained in the DLE)
- Or -
Locally-Generated Primary Keys (180-bits each)
- 'Session Key' = Data Encrypting Key
- Session Key Encrypted by selected Master Key
Two Secondary (Longer-Term) Keys
Key Management Keys (2 each / 180-bits each)
'Message Key' (33-bits)
- Randomly Generated Initialization Vector (IV)
- Sending Unit Encrypts IV yielding Message Key
- Receiving Unit Decrypts Message Key yielding IV
(1) Exchange of Master Key's Index
(2) Exchange of Encrypted Session Key
Crypto Management System (CMS)
- DLE-7050 Generates its own Session Keys
Front Panel Key Erase
Internal Anti-Tamper Protection
Menu Access Protection (physical key)
Menu-selectable Anti-Spoof feature
CEPT E1 (G.703/G.704) @ 2,048kbps
US (ANSI) T1 (T1.403) @ 1,544kbps
ITU-T V.24 / RS-232 Synchronous
ITU-T V.24 / RS-232 Asynchronous
ITU-T V.24 / RS-232 Async Half Duplex
9VDC - 13VDC -or-
15 Watts (maximum)
172mm X 57mm X 355mm
(6.75" X 2.25" X 14")
Operating Temperature: 0°C to +50°C
Storage Temperature: -40°C to +85°C
Humidity: ≤ 95% non-condensing
EMI/EMC: MIL-STD-461 Class A3 Part 4
Local Key Management
Remote Key Management
- Personal Computer-Based System
- Key Fill Device