Spy radio
Burst encoders
• • • Donate • • •
   Click for homepage
KSD-64 A   PK-64KC
Key Storage Device

The KSD-64 is a so-called Key Storage Device (KSD) developed by the American NSA for use with electronic cryptographic equipment like the STU-III series of secure telephones. It was made by Datakey Electronics in Savage (Minnesota, USA). It is typically used as a Crypto Ignition Key (CIK) in key-splitting applications, but it can also be used for other purposes, such as a key filler.

The image on the right shows a typical KSD-64 key, which looks like a plastic toy key. Hidden inside the device, is a custom-made parallel EEPROM with 64 Kbits of storage capacity. The 28 contacts of the EEPROM are situated in between the plastic teeth of the key.

Devices supporting the KSD, have a so-called keyceptacle in which the key can be inserted. Once inserted, the key is activated by rotating it (90°) like a domestic key, until it clicks. In that position, the 28 contacts of the key are connected to 28 contacts inside the keyceptacle.
KSD-64 Key Storage Device

When used as CIK, the key contains a random number (generated internally by the phone when the keys are loaded) that is used for encryption of the actual cryptographic keys stored inside the phone. This way, a phone without the CIK, or a lost CIK alone, have no meaning whatsoever and will not reveal any information about the cryptographic keys. Only when the CIK is entered into the phone it is paired to, can the original keys be recovered and can the phone be operated.

The KSD-64 was used for many years with the STU-III range of secure telephones and survived at least four US Presidents. One famous example of the use of a KSD-64 is a photograph of US President George W. Bush who makes a secure call immediately after the first attack on 911.

The image on the right shows a close-up from that image, in which he uses a Motorola SECTEL STU-III unit, with a KSD-64 installed in the phone. The white label indicates that this KSD-64 is used as a Crypto Ignition Key (CIK). Click the image for the complete picture. More...

With the STU-III telephones phased-out, the KSD-64 is no longer in production and is replaced by the compatible PK-64KC (see below) which is also available from Datakey Electronics. The images below show a typical KSD-64A key being used with a Motorola SECTEL 2500 secure telephone. Other types of Key Storage Device, also manufactured by Datakey, are used with later encryption devices, such as the KIV-7. Such KSD's generally contain a serial EEPROM with some intelligence.

KSD-64 Key Storage Device A KSD-64 with a Motorola tag Inserting the KSD-64 into a Motorola SECTEL phone Turning it clockwise for security activation The KSD-64 used as a FILL key for the Motorola SECTEL PK-64KC Key Storage Device PK-64KC with a Motorola Tag KSD-64A and PK-64KC on a single key chain

Possible uses
The KSD-64A can be used for the following applications:

  • CIK - Crypto Ignition Key
  • FK - Fill Key
  • TAK - Terminal Activation Key
  • SAK - Security Activation Key
  • TAK - Traffic Activation Key
  • Master CIK
  • Simple firmware updates and patches
Replacement PK-64KC
The KSD-64 has been superceeded by the compatible PK-64KC, that is shown here, and more recently by the PKA-64KC. These devices have the same storage capacity as the earlier KSD-64 and fit the same keyceptacle.

The only visible difference is the smaller grip. The replacement keys are also manufactured by Datakey Electronics [1] and and are fully compatible with the old KSD-64A.

PK-64KC Key Storage Device

The X-Ray image below shows the interior of the PK-64KC, the replacement of the KSD-64. At the center is the memory chip, which is mounted on a lead frame that is molded inside the plastic key, with the contacts of the lead frame extending to the upper and lower sides of the key.

Keyloader PKS-703
The cryptographic key or other sensitive key material is loaded into the KSD-64 and PK-64 by means of a PKS-703 keyloader, connected to a PC with appropriate software. It can be used to clear a key, to write new data into a key, and the read (or clone) an existing KSD-64 key.

The PKS-703 consists of a small plastic box with a Keyceptacle for a KSD-64 key at the front. An internal 8051 microcontroller, with a simple data protocol allows the key to be accessed from any computer with the appropriate software.

The image on the right shows a typical PKS-703 keyloader as part of a key distribution system. It can be placed on a desktop, aside or on top of a PC, connectes to the standard COM-port (RS-232) by means of a 9-pin sub-D plug (DB9). An optional (heavy) metal cradle was available to prevent the interface from slipping of the desk.
PKS-703 Datakey keyloader (reader/writer)

The PKS-703 can be used to write each individual byte of the 8KB EEPROM inside the KSD-64 (64 Kbit) individually, or write the entire memory at once. There is no intelligence inside the KSD-64; it is just a plain Electrically Erasable Programmable Read Only Memory (EEPROM). Creating a valid cryptographic key for a certain purpose and/or security level, is subject to the software driving it, which commonly takes the form of some kind of Electronic Key Management System (EKMS).

Datakey PKS-703 keyloader Entering a KSD-64 Key fully inserted Rotate 90 degrees to activate KSD-64 installed in the PKS-703 keyloader PKS-703 Datakey keyloader (reader/writer) Close-up of the Keyceptacle inside the PKS-703 Bare Keyceptacle

The KSD-64 and KD-64 devices were typically used with the STU-III secure telehone units, from various manufactuers, such as Motorola and AT&T (Lucent). They were also used for the Motorola SECTEL range of secure civil phones. Click any of the thumbails below for further information.

 More about the STU-III
Motorola SECTEL 2500 with CIK

Motorola STU-III phones with Type 1 and Type 2 encryption AT&T (later: Lucent) STU-III phones Motorola SECTEL range of secure phones

Other Key Storage Devices
The manufacturer of the KSD-64, Datakey Electronics, produces a wide range of different key storage devices, ranging from simple unique identifiers, to CryptoMemory storage devices.

Most keys are available in a variety of different enclosures and a choice of interfaces [2], such as the DK-series that was used with early versions of the KIV-7.

 Datakey product overview
 KIV-7 and DK-series key
Click here to download the complete product overview

Below, some expressions and acronyms related to the KSD-64 are explained. For additional explanations, please refer to the Crypto Glossary.

CIK   Crypto Ignition Key
A physical token (usually an electronic device) used to store, transport and activate the cryptographic keys of electronic cipher machines. (Wikipedia)

FK   Fill Key

Keyceptacle   Key-Receptacle
Registered trademark of Datakey for a Key Receptacle.

SAK   Security Activation Key

TAK   Terminal Activation Key

  1. Datakey Electronics, PK Series Datasheet
    Retrieved December 2010.

  2. Datakey Electronics, Memory available and standard form factors
    Retrieved December 2010.

  3. Datakey Electronics, Lowering the high cost of security - STU-III
    July 2006. Retrieved March 2013.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Friday 03 December 2010. Last changed: Thursday, 09 March 2017 - 09:47 CET.
Click for homepage