Click for homepage
← USA
Crypto
FILL
NSA
  
STU-III →
  
KSD-64 A   PK-64KC
Key Storage Device

KSD-64 is a Key Storage Device (KSD), developed in 1986 by Datakey Electronics Inc. in Savage (Minnesota, USA) on behalf of the US National Security Agency (NSA). It was used with the STU-III secure telephones made by Motorola, AT&T and RCA. The device was a commercial-of-the-shelf (COTS) product and was typically used as a Crypto Ignition Key (CIK). It was produced until 2015.

The image on the right shows a typical KSD-64 key, which looks like a plastic toy key. Hidden inside the device, is a custom-made parallel EEPROM with 64 Kbits of storage capacity. The 28 contacts of the EEPROM are located between the plastic teeth at either side of the key shaft.

Devices supporting the KSD, have a so-called keyceptacle ® in which the key can be inserted. Once inserted, the key is activated by rotating it (90°) like a domestic key, until it clicks. In that position, the 28 contacts along the key shaft are connected to 28 contacts inside the keyceptacle.
  

When used as CIK, the key contains a random number (generated internally by the phone when the keys are loaded) that is used for encryption of the actual cryptographic keys stored inside the phone. This way, a phone without the CIK, or a lost CIK alone, are unclassified and will not reveal any information about the cryptographic keys whatsoever. Only when the CIK is entered into the telephone it is paired with, can the original keys be recovered and can the phone be operated.

The KSD-64 was used for many years with the STU-III range of secure telephones, and survived at least five US Presidents. A famous example of the use of the KSD-64 is a photograph of US President George W. Bush making a secure call during the attacks on 11 September 2001.

The image on the right shows a close-up from that image, in which he uses a Motorola SECTEL STU-III phone, with a KSD-64 installed in the phone. The white label indicates that this KSD-64 is used as a Crypto Ignition Key (CIK). Click the image for the complete picture.  More
  

Over the years, more than one million KSD-64A keys were manufactured [4]. With the STU-III telephones phased-out, the KSD-64 is no longer in production and is replaced by the compatible PK-64KC which has meanwhile also been phased-out (2015) [3]. Other types of Key Storage Devices — also manufactured by Datakey — are used with later encryption devices, such as the KIV-7. Such KSDs generally contain a serial EEPROM and in some cases additional intelligence.

Compatible devices
STU-III (general description)
Motorola STU-II/B
Motorola SECTEL STU-III
AT&T/Lucent STU-III (later sold by General Dynamics)
GE/RCA STU-III third generation secure telephone unit
Remote Control Unit GL-7171 of the Saudi Arabian Piece Shield system
Motorola STU-III/R (STU-II and STU-III compatible)
Applications
All KSD-64A versions are suitable for the following applications:
  • Crypto Ignition Key (CIK)
  • Fill Key (FK)
  • Terminal Activation Key (TAK)
  • Security Activation Key (SAK)
  • Traffic Activation Key (TAK)
  • Master CIK
  • Simple firmware updates and patches
  • Data logging
  

Versions
  • KSD-64A
  • PK-64KA
  • PK-64KB
  • PK-64KC
  • PK-256KB 1
  1. 256KB version of the parallel key.

US Presidents
The following US Presidents are known to have used the KSD-64A:

  • Ronald Reagan
  • Bush
  • Bill Clinton
  • Gearge W. Bush
  • Barack Obama
KSD-64A (left) and PK-64KB (right)
A KSD-64 with a Motorola tag
Inserting the KSD-64 into a Motorola SECTEL phone
Turning it clockwise for security activation
The KSD-64 used as a FILL key for the Motorola SECTEL
PK-64KB
PK-64KB with tag
KSD-64A and PK-64KC on a single key chain
A
×
A
1 / 8
KSD-64A (left) and PK-64KB (right)
A
2 / 8
A KSD-64 with a Motorola tag
A
3 / 8
Inserting the KSD-64 into a Motorola SECTEL phone
A
4 / 8
Turning it clockwise for security activation
A
5 / 8
The KSD-64 used as a FILL key for the Motorola SECTEL
A
6 / 8
PK-64KB
A
7 / 8
PK-64KB with tag
A
8 / 8
KSD-64A and PK-64KC on a single key chain

Interior
The x-ray image 1 below shows what is inside the KSD-64. At the centre is the actual EEPROM chip, which is directly wire-bonded to the tracks of a Printed Circuit Board (PCB) with gold-plated contacts along both of its long sides. These contacts mate with the contacts in the keyceptacle.


The complete assembly (chip, wiring and PCB) are cast in a durable chemical-resistant plastic key-shaped body, which can be carried on a keychain, just like a regular key. The structures of the silicon EEPROM chip itself are not visible, as the x-rays are absorbed by the rectangular part of the frame, onto which the chip is glued. In the close-up, the bonded wiring is clearly visible however. Further x-ray images, including images of the replacing PK-64KC, are available below.

  1. Images made with Creative Electron TruView Prime.  More

KSD-64 interior
PK-64 KC interior
Close-up of the KSD-64
Close-up of the PK-64KC
Close-up of the chip inside the KSD-64
Close-up of the chip inside the PK-64KC
B
×
B
1 / 6
KSD-64 interior
B
2 / 6
PK-64 KC interior
B
3 / 6
Close-up of the KSD-64
B
4 / 6
Close-up of the PK-64KC
B
5 / 6
Close-up of the chip inside the KSD-64
B
6 / 6
Close-up of the chip inside the PK-64KC

Replacement   PK-64KC
The KSD-64 has been superceeded by the compatible PK-64KC, that is shown here, and more recently by the PKA-64KC. These devices have the same storage capacity as the earlier KSD-64 and fit the same keyceptacle.

The only visible difference is the smaller grip. The replacement keys are also manufactured by Datakey Electronics [A] and and are fully compatible with the old KSD-64A.

 Datasheet

  

Keyloader   PKS-703
The cryptographic key or other sensitive key material is loaded into the KSD-64 and PK-64 by means of a PKS-703 keyloader, connected to a PC with appropriate software. It can be used to clear a key, to write new data into a key, and the read (or clone) an existing KSD-64 key.

The PKS-703 consists of a small plastic box with a Keyceptacle for a KSD-64 key at the front. An internal 8051 microcontroller, with a simple data protocol allows the key to be accessed from any computer with the appropriate software.

The image on the right shows a typical PKS-703 keyloader as part of a key distribution system. It can be placed on a desktop, aside or on top of a PC, connected to the standard COM-port (RS-232) by means of a 9-pin sub-D plug (DE9). An optional (heavy) metal cradle was available to prevent the interface from slipping off the desk.
  

The PKS-703 can be used to write each individual byte of the 8KB EEPROM inside the KSD-64 (64 Kbit) individually, or write the entire memory at once. There is no intelligence inside the KSD-64; it is just a plain Electrically Erasable Programmable Read-Only Memory (EEPROM). Creating a valid cryptographic key for a certain purpose and/or security level, is subject to the software driving it, which commonly takes the form of some kind of Electronic Key Management System (EKMS).

Datakey PKS-703 keyloader
Entering a KSD-64
Key fully inserted
Rotate 90 degrees to activate
KSD-64 installed in the PKS-703 keyloader
PKS-703 Datakey keyloader (reader/writer)
Close-up of the Keyceptacle inside the PKS-703
Bare Keyceptacle
C
×
C
1 / 8
Datakey PKS-703 keyloader
C
2 / 8
Entering a KSD-64
C
3 / 8
Key fully inserted
C
4 / 8
Rotate 90 degrees to activate
C
5 / 8
KSD-64 installed in the PKS-703 keyloader
C
6 / 8
PKS-703 Datakey keyloader (reader/writer)
C
7 / 8
Close-up of the Keyceptacle inside the PKS-703
C
8 / 8
Bare Keyceptacle

STU-III
The KSD-64 and PK-64 devices were typically used with the STU-III secure telehone units, from various manufactuers, such as Motorola and AT&T (Lucent). They were also used for the Motorola SECTEL range of secure civil phones. Click any of the thumbails below for further information.

 More about the STU-III

  

Motorola STU-III phones with Type 1 and Type 2 encryption
AT&T (later: Lucent) STU-III phones
Motorola SECTEL range of secure phones
GE/RCA STU-III third generation secure telephone unit
RCA
Other Key Storage Devices
The manufacturer of the KSD-64 – Datakey Electronics – produces a wide range of different key storage devices, ranging from simple unique identifiers, to CryptoMemory storage devices.

Most keys are available in a variety of enclosures and a choice of interfaces [1], such as the DK-series (seriak memory) that was used with early versions of the KIV-7.

 Datakey product overview (2009)
 KIV-7 and DK-series key

  


Video
In 2019 — being short of spare KSD-64 keys — US crypto collector John McMaster started a project to duplicate the keys by means of 3D printing and alternative hardware. On 3 August 2019 he presented the intermediate results of his efforts in this 3½ minute video on YouTube:

Glossary
Below, some expressions and acronyms related to the KSD-64 are explained. For additional explanations, please refer to the Crypto Glossary.

CIK   Crypto Ignition Key
A physical token (usually an electronic device) used to store, transport and activate the cryptographic keys of electronic cipher machines. (Wikipedia)
FK   Fill Key
KC   Keyceptacle
Registered trademark of Datakey for a Key Receptacle.
SAK   Security Activation Key
TAK   Terminal Activation Key
Related patents
  1. Electronic Information Key
    Patent USD274,126. Filed 17 September 1982.

  2. Portable Electronic Information Devices and Method of Manufacture
    Patent US4,578,573. Filed 23 March 1983.
Documentation
  1. Datakey Electronics, PK Series Datasheet
    Retrieved December 2010.
References
  1. Datakey Electronics, Memory available and standard form factors
    Retrieved December 2010.

  2. Datakey Electronics, Lowering the high cost of security - STU-III
    July 2006. Retrieved March 2013.

  3. Datakey Electronics, Parallel Keys End-of_Life (EOL) Notice
    Product Change Notice (PCN) 20141103. 14 November 2014.

  4. Paul Plitzuweit, A 30-Year Run for the Parallel Key Line
    Datakey Electronics website. 4 December 2014.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Friday 03 December 2010. Last changed: Thursday, 18 April 2024 - 08:54 CET.
Click for homepage