| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 10/10/2029 |
| Caveat | When installed, initialized and configured as specified in Section 11 of Security Policy. No assurance of the minimum strength of generated SSPs |
| Vendor | Motorola Solutions, Inc. |
flowchart LR
%% Deterministic review-risk graph for Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 2
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 2
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Astro Subscriber Motorola Advanced Crypto Engine (MACE)
| # | Section | Page |
|---|
| Item | Page |
|---|---|
| Table 1 – Security Levels | 4 |
| Table 2 – Cryptographic Module Tested Configuration | 5 |
| Table 3 – Approved Mode Drop-in Algorithms | 5 |
| Table 4 – Approved Mode Indicator | 7 |
| Table 5 – Approved Algorithms | 7 |
| Table 6 – Non-Approved Algorithms Allowed in the Approved Mode of Operation | 9 |
| . | 9 |
| Table 8 – Ports and Interfaces | 10 |
| Table 9 – Roles, Service Commands, Input and Output | 11 |
| Table 10 – Roles and Authentication | 12 |
| Table 11 – Approved Services | 12 |
| Table 12 – Physical Security Inspection Guidelines | 18 |
| Table 13 – SSP Management Methods | 20 |
| Table 14 – SSPs | 21 |
| Table 15 – Non-Deterministic Random Number Generation Specification | 23 |
| Table 16 – Error States and Indicators | 24 |
| Table 17 – Pre-Operational Self-Test | 24 |
| Table 18 – Conditional Self-Tests | 25 |
| Table 19 – References | 28 |
| Table 20 – Acronyms and Definitions | 29 |
| Figure 1: MACE Chip (Top) | 6 |
| Figure 2: MACE Chip (Interfaces) | 6 |
| Figure 3: Cryptographic Boundary Block Diagram | 6 |
This document defines the Security Policy for the Astro Subscriber Motorola Advanced Crypto Engine (MACE)
1 General 2
2 Cryptographic Module Specification 2
3 Cryptographic Module Interfaces 2
4 Roles, Services, and Authentication 3
5 Software/Firmware Security 3
6 Operational Environment N/A
7 Physical Security 2
8 Non-Invasive Security N/A
9 Sensitive Security Parameter Management 2
10 Self-Tests 3
11 Life-Cycle Assurance 3
12 Mitigation of Other Attacks N/A
Overall 2 Motorola Solutions Public Material
The MACE cryptographic module is a single chip hardware cryptographic module. The MACE is used in multiple Motorola Solutions, Inc. subscribers. The MACE cryptographic module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated overall Security Level 2.
The MACE cryptographic module is tested on the following operational environment. Table 2
The physical form of the MACE cryptographic module is depicted in Figure 1 and Figure
Figure 1: MACE Chip (Top) Figure 2: MACE Chip (Interfaces) The MACE IC has an SSI port, a KVL port when connected to the Motorola Key Variable Loader (KVL), SelfTest Indicator Interface, and Power Connections. Status Indicator Status KVL Port KYLD Cryptographic The MACE Boundary SSI RX 1.8V Power SSI Port SSI TX CPLD Audio OMAP CODECs Figure 3: Cryptographic Boundary Block Diagram
The MACE is originally non-compliant and must be configured to operate in an Approved Mode of operation. The MACE must be installed, initialized and configured, including a required change of the factory-default password, in order to be in an Approved Mode. Documented below are the additional configuration settings that are required for the MACE to be used in an Approved Mode of operation at overall Security Level
There is no Non-approved Mode. Table 4
In order to configure the MACE into an approved mode, the Module configuration service must be used to ensure Red Keyloading is enabled, and the following parameters are disabled.
The MACE implements the Approved and Non-Approved but Allowed cryptographic functions listed in the tables below. Note: The brackets [] reference the corresponding documents that can be found in the References - Table Table 5
Description / Key Size(s) / Key Cert # Algorithm Mode Use/Functions Strength(s) CBC [38A] Key Sizes: 256 Encrypt, Decrypt OFB [38A] Key Sizes: 256 Encrypt, Decrypt ECB [38A] Key Sizes: 256 Encrypt, Decrypt CBC [38A] Key Sizes: 256 Encrypt, Decrypt A2262 AES [197] OFB [38A] Key Sizes: 256 Encrypt, Decrypt GCM [38D]1 Key Sizes: 256 Encrypt, Decrypt Authenticated Encrypt, Decrypt A2263 AES [197] KW [38F] Forward. Key Sizes: 256 for storing SSPs A2264 AES [197] KW [38F] Forward. Key Sizes: 256 Authenticated Decrypt for KTS [133] Sections 4 and 5.2 Asymmetric key establishment key generation using unmodified DRBG output [133] Section 4 and Section 6.1 Direct symmetric key VA CKG [IG D.H] Key Generation generation using unmodified DRBG output [133] Section 6.3 Symmetric Keys Produced by Combining (Multiple) Keys and Other Data CTR with derivation Deterministic Random Bit A2265 DRBG [90A] AES-256 function Generation2 A655 ECDSA [186-4] P-384 (SHA2-384) Key Generation HMAC Key Sizes: 32 bytes HMAC [198] SHA2-384 Message Authentication
KASECC (Initiator, Key Agreement Scheme KAS-ECC Responder), KPG, P-384 Key establishment methodology A2266 [56Ar3] Partial, oneStepKdf SHA2-384 provides 192 bits of encryption (SP800-56Cr1) strength Decrypt OTAR Key blocks encrypted with AES 256 bit keys. A2264 KTS [38F] KW AES KW Cert. #A2264 Key establishment methodology provides 256 bits strength A5253 RSA [186-5] PKCS1_v1.5 2048 SigVer RSA RSA [186-2]3 PKCS1_v1.5 2048 SigVer Per IG C.H Scenario 2, the MACE generates GCM IVs randomly as specified in SP800-38D section 8.2.2 using approved DRBG (Cert #A2265) and the IV length is 96 bits. The entropy for seeding the SP 800-90A DRBG is determined by the operator of the MACE which is outside of the Module’s physical and logical boundary. The operator shall use entropy sources that meet the security strength required for the random number generation mechanism as shown in [SP 800-90A] Table 3 (CTR_DRBG) and set required bits into the Module by using Load Entropy service listed in Section 4.3. Since entropy is loaded passively into the Module, there is no assurance of the minimum strength of generated keys. The MACE will not operate in an Approved Mode if the Module is not seeded by the external entropy. RSA SigVer [FIPS 186-2] is approved for legacy use only: verifying signatures that were performed starting September 1st 2020 and onwards is a not a FIPS 140-3 compliant use of this algorithm/service and cannot Motorola Solutions Public Material
Description / Key Size(s) / Key Cert # Algorithm Mode Use/Functions Strength(s) SHS Message Digest Generation, SHS [180] SHA2-256
817 Password Obfuscation
SHS SHS [180] SHA2-384 Message Digest Generation 2399 Table 6
The MACE shall be installed in the Motorola Solutions subscriber products. After authentication with the default password, the operator shall change the default password for the User role. The MACE is not usable until the factory default password is changed for the User role. Note that this makes it very important that physical access to the MACE is strictly controlled. The MACE shall be operated such that only approved Drop-in algorithms listed in the Table 3 are installed including Section 11 secure installation, initialization, startup and operation of the MACE.
The MACE’s ports and associated FIPS defined logical interface categories are listed in Table 8. Table 8
The MACE supports one distinct operator role, Cryptographic Officer (CO). Table 9 lists the operator role supported by the MACE and their related services. In addition, the MACE supports services which does not require to be authenticated, listed UA in Table 9. The MACE does not support a maintenance role and/or bypass capability. Motorola Solutions Public Material
Table 9
The MACE supports one distinct operator roles (Crypto-Officer). The MACE uses a 10-digit password to authenticate the Crypto-Officer. The Module ensures that there is no visible display of the authentication data. Motorola Solutions Public Material
Table 10
All services implemented by the MACE are listed in Table 11 and indicated use is based on the Module being in Approved Mode per Table 4. The MACE does not allow any non-approved services while operating in FIPS 140-3 level 2 mode. The SSPs modes of access shown in Table 11 are defined as:
Approved Security Keys and/or Access Service Description Roles Indicator Functions SSPs Rights DH-Pub Z DH-SS Z DH-CLI-Pub Z DRBG- WE AES Key Unwrap, EI/Seed Load entropy into the AES Certs. #A2261 Approved Load Entropy CO MACE. or #A2262, DRBG DRBG-State G Mode Cert. #2265 BKK E KPK E AES Key Unwrap Import keys Imports keys to the MACE (KTS), AES Cert. Approved over KYLD via a Key Variable Loader #A2260 KEK CO W Mode interface (KVL) in plaintext. AES Cert. #2264 TEK W KW [38F], Cert. KPK E Privileged Import, modify and query #A2264. Approved KEK CO WEZ APCO OTAR the keys. AES Certs. #A2261 Mode or #A2262. TEK WEZ Modify the currently active keyset used for Change Active Approved selecting keys for N/A N/A CO N/A Keyset Mode encryption/decryption services. UKKPK E PEK E Modify the current CKG, AES-256, Cert. KPK GEZ Change password used to identify #A2260. Approved KEK CO Z Password and authenticate the SHS [180], Cert. Mode User role. #817 TEK Z Password GEZ PWD Hash GEZ CKG, IDK-ROM EZ AES [197] CBC Cert. IDK-Block EZ Symmetric Key Generates the symmetric #A2261 or #A2262 Approved IDK CO GZ Generation keys AES CFB-8 Cert. Mode #A2260, DRBG Cert. KPK GZ #A2265 Motorola Solutions Public Material
Approved Security Keys and/or Access Service Description Roles Indicator Functions SSPs Rights AES [197], Cert. Encrypt digital voice or #A2261 or #A2262 Approved Encrypt TEK CO E data. Mode DRBG Cert. #2265 Decrypt digital voice or AES [197], Cert. Approved Decrypt TEK CO E data. #A2261 or #A2262 Mode Zeroize selected key KEK Z Approved Zeroize Keys N/A CO variables from the MACE. TEK Z Mode Key/Keyset Obtain status information Approved Check about a specific N/A N/A CO N/A Mode key/keyset. Generate Generate HMAC-SHA2- HMAC [198], Cert. Approved TEK CO E Signature 384 signature. #1796 Mode KEK W PKPK GE Perform a key agreement CKG DH-Priv GE Key process to create an DRBG Cert. #2265, Approved Agreement ECDH Shared Secret, and KAS-ECC [56Ar3], DH-Pub CO GRE Mode Process ECDH Public and Private Cert. #A2266, DH-SS GE Keys. ECDSA Cert. #A655 DH-CLI-Pub WE DRBG-State GE UKKPK E KPK GZ KEK Z Zeroize the KPK and all keys and CSPs in the key TEK Z Zeroize all database and causes a Approved keys and N/A Password CO Z new KPK to be generated. Mode password Resets the password to PWD Hash Z the factory default. PKPK Z DH-Priv Z DH-Pub Z Module Status Provide module version, Approved firmware version, FIPS N/A N/A UA N/A Mode status Motorola Solutions Public Material
Approved Security Keys and/or Access Service Description Roles Indicator Functions SSPs Rights Perform module self-tests comprised of cryptographic algorithm tests, firmware integrity Approved Self-Tests test, and critical functions N/A FW-LD-Pub UA E Mode test. Initiated by module reset or transition from power off state to power on state. UKKPK E PEK E Validate the current AES-256, Cert. KPK GEZ Validate password used to identify #A2260. Approved KEK UA Z Password and authenticate the SHS [180], Cert. Mode User role. #817 TEK Z Password Z PWD Hash Z Extract Error Provide the history of Approved N/A N/A UA N/A Log error events. Mode Clear Error Log Clears the history of error Approved N/A N/A UA N/A events. Mode DRBG- Z EI/Seed Reset/power cycle the DRBG-State Z Approved Reset N/A UA MACE. Mode DH-SS Z DH-CLI-Pub Z KPK GEZ KEK Z Download configuration Module Approved parameters used to N/A TEK UA Z Configuration Mode specify module behavior. Password WZ PWD Hash Z Note: The Module does not implement any Non-Approved Services and only provides an Approved Mode of operation. Motorola Solutions Public Material
The MACE is composed of base firmware version identified in Table
The MACE has a limited operational environment under the FIPS 140-3 definitions with a Physical Security at Level 2 therefore this section in not applicable. Motorola Solutions Public Material
The MACE is a production grade, single-chip cryptographic module as defined by FIPS 140-3 and is designed to meet Level 2 physical security requirements. The information below is applicable to cryptographic module hardware kit numbers 5185912Y03, 5185912Y05, and 5185912T05, which have identical physical security characteristics. The MACE is covered with a hard-opaque epoxy coating that provides evidence of attempts to tamper with the MACE. The security provided from the hardness of the MACE's epoxy encapsulate is claimed at ambient temperature (20 to 25 degrees Celsius) only. No assurance of the epoxy hardness is claimed for this physical security mechanism outside of this range. The MACE does not contain any doors, removable covers, or ventilation holes or slits. No maintenance access interface is available. No special procedures are required to maintain physical security of the MACE while delivering to operators. Table 12
The MACE does not implement any mitigation method against non-invasive attack. Motorola Solutions Public Material
The SSPs access methods are described in Table 13 below: Table 13
All SSPs (CSPs and PSPs) used by the MACE are described in this section. All usage of these CSPs by the MACE is described in the services detailed in 4.3. Table 14
256 G2 N/A N/A S1 Z2 Key (AES 256) and
State #A2265 derived from DRBGEI/Seed A 256-bit AES CBC key used in the reAES CBC Cert. construction of IDK per IDK ROM 256 #A2261 or G1 N/A N/A S1, S2 Z1, Z2 SP800-133r2 (Section #A2262
IDK Block A 256-bit AES CBC key used in the reAES CBC Cert. construction of IDK per IDK Block 256 #A2261 or G1 E1 N/A S1, S2 Z1, Z2 SP800-133r2 (Section #A2262
IDK ROM A 256-bit AES CBC key AES CBC Cert. used to decrypt IDK 256 #A2261 or G6 N/A N/A S1 Z2 downloaded firmware #A2262 images. A 256 bit AES key used AES ECB Cert. for decrypting Load BKK 256 #A2261, G1 N/A N/A S1, S2 Z1, Z2 entropy into the #A2262 MACE. AES CBC Cert. 256 bit AES Key used UKKPK 256 #A2261 or G1 N/A N/A S1, S2 Z1, Z2 for encrypting the KPK #A2262 in flash. AES CBC Cert. 256-bit AES CFB-8 key PEK 256 #A2261 or G1 N/A N/A S1, S2 Z1, Z2 used for decrypting #A2262 passwords. Motorola Solutions Public Material
Key/SSP Security Strength Genera- Import Establish- ZeroizaName/ Function / Storage Use / Related SSPs (in bits) tion /Export ment tion Type Cert. #
AES CFB-8 Cert. Z1, Z2, Z3, used to encrypt all KPK 256 #A2260, DRBG G4 N/A N/A S1, S3 Z4, Z5, Z6, TEKs and KEKs stored Cert. #A2265 Z7 in flash. AES KW Cert. 256-bit AES Keys used Z1, Z2, Z3, #A2264, AES E4, E5, for decrypting key KEK 256 N/A N/A S1, S3 Z4, Z5, Z6, OFB Cert. E6 blocks in the OTAR Z7, Z8, Z9 #A2260 service. AES KW Cert. 256-bit AES key used Z1, Z2, Z3, #A2264 AES for voice and data TEK 256 N/A E4, E5 N/A S1, S3 Z4, Z5, Z6, OFB Cert. decryption. Z7, Z8, Z9 #A2260 10-digit hexadecimal AES CFB-8 Cert. Z1, Z2, Z4, number user Password N/A N/A E3 N/A S1 #A2260 Z5, Z6, Z7 authentication password SHS [180] Cert. 256-bit password hash PWD #817 Z1, Z2, Z4, stored in the non-
Hash Z5, Z6, Z7 volatile memory. SHA2-256 256-bit AES KW used AES KW to store encrypted, the PKPK 256 G4 N/A N/A S1, S3 Z1, Z2, Z4 #A2263 ECDH generated private key. The Elliptic Curve Diffie-Hellman (DH) KAS #A2266, private key used for DH-Priv 192 ECDSA Cert. G3 N/A N/A S1, S3 Z1, Z2, Z4 establishing a shared #A655 secret over an insecure channel. The Elliptic DiffieHellman (DH) Shared Secret (SS) is DH-SS 192 KAS #A2266 N/A N/A G5 S1 Z2 established as a part of DH key agreement scheme. PSPs AES CBC 2048-bit RSA key used #A2261 or to validate the FW-LD- #A2262,
112 G1 N/A N/A S1, S2 Z1, Z2 signature of the
Pub RSA Cert. firmware image before #A5253 it is allowed. Motorola Solutions Public Material
Key/SSP Security Strength Genera- Import Establish- ZeroizaName/ Function / Storage Use / Related SSPs (in bits) tion /Export ment tion Type Cert. # The Elliptic Curve (EC) Diffie-Hellman (DH) KAS Cert. public key, used for DH-Pub 192 #A2266, ECDSA G3 E6 N/A S1, S2 Z1, Z2 establishing a shared Cert. #A655 secret over an insecure channel. The Elliptic Curve (EC) Diffie-Hellman (DH) public key from the DH-CLI- KAS Cert.
192 N/A E6 N/A S1, S2 Z1, Z2 other party, used for
Pub #A2266 establishing a shared secret over an insecure channel. Table 15
The MACE performs self-tests to ensure the proper operation of the MACE. Per FIPS 140-3 these are categorized as either pre-operational self-tests or conditional self-tests. Pre-operational self-tests are available on demand by power cycling the MACE. Conditional self–tests are periodically performed by the MACE as configured by the operator during module configuration as shown in Section 11.1.1. The MACE will not accept any commands when a periodic self-test is required; the commands still in the I/O buffer will be processed by the MACE at the end of periodic self-test when the I/O buffer is emptied. The MACE will reset if any self-tests fail, otherwise it will continue to operate normally. The MACE logs the most recent self-test errors to the internal flash; the operator (UA) can extract the error logs using Extract Error Log service list in section 4.3. The self-tests error states and status indicator are described in table below: Table 16
Table 18
2048 SHA2-256 and RSA-2048 (FIPS 186-5). The digital signature is verified ES2
(Cert. #A5253) SigVer upon download into the MACE. HMAC KAT HMAC-SHA2-384 KAT. ES1 (Cert. #1796) KAS-ECC Per IG D.F, separately tested KAS Shared Secret generation with P-384 KAT ES1 (Cert. #2266) and SP 800-56Cr2 one-step KDA RSA SigVer RSA-2048 SigVer, performed before FW integrity tests. Inclusive for KAT ES2 (Cert. #A5253) 186-2 (Cert. #396) SHS 256-bit KAT SHA2-256 KAT, performed before FW integrity tests. ES2 (Cert. #817) SHS 384-bit KAT SHA2-384 KAT ES1 (Cert. #2399) Motorola Solutions Public Material
The Module is originally a non-compliant module and must be initialized to be in Approved Mode. There is no Non-approved Mode. During initialization the operator shall configure the MACE from the instructions below:
The MACE is embedded in multiple Motorola Solutions, Inc. radios (aka, subscribers). Motorola uses commercially available courier systems such as UPS, FedEx, and DHL with a tracking number and requires a signature at the end by an authorized client.
Use radio specific user guide available on the www.motorolasolutions.com website for secure operations.
Use radio specific user guide available on the www.motorolasolutions.com website for secure operations.
The MACE does not require any special maintenance.
After the end-of-life, the operator should zeroize all SSPs using the “Zeroize all keys and password“ service listed in the Section 4.3 followed by shredding the MACE chip. Motorola Solutions Public Material
The MACE does not implement any mitigation method against other attacks. Motorola Solutions Public Material
The following standards are referred to in this Security Policy. Table 19
Abbreviation Full Specification Name Project 25
Acronym Definition OTAR Over The Air Rekeying PEK Password Encryption Key PKPK Private Key Protection Key PWCT Pair-Wise Consistency Test PWD Hash Password Hash RSA Rivest–Shamir–Adleman SSI Synchronous Serial Interface SSP Sensitive Security Parameter TEK Traffic Encryption Key UA Unauthenticated Service UKEK Universal Key Encryption Key UKKPK Universal Key for Key Protection Key Motorola Solutions Public Material