When the STU-III terminal is installed, the STU-III
custodian sets up the terminal with the seed key. A seed
key is issued to a particular terminal only. The seed key
contains a microchip that is embedded electronically
with identification information. This information
includes the level of security authorized for that
Once the custodian inserts the seed key into the
terminal, the information on the key is transferred to the
internal memory of the terminal. At this point, the seed
key no longer contains any information and is
considered to be empty.
The information in the terminal is electronically
registered with the Key Management Center (KMC)
located in Finksburg, Maryland. The KMC is the central
authority responsible for controlling the key material
and issuing reports of compromised keys. The user can
discuss classified information up to the security level
that has been keyed to the terminal.
The crypto-ignition keys (CIKs) can now be made
for users to activate the secure mode. The CIKs are
empty keys with no information embedded in the
metal strip. When the empty keys are inserted into the
terminal, some of the information that is now stored in
the terminal from the seed key and other information in
the memory is transferred onto the metal strips. This
information becomes an electronic password on the
CIKs for that particular terminal, making the CIKs
unusable on other terminals. The terminal maintains a
list of authorized CIKs for each key in its memory.
When using a STU-III with remote or dial-in, users
parameters will be set according to the Secure
Telephone Unit Third Generation (STU-III) COMSEC
Material Management Manual (CMS 6) and locally
Levels of security classification, keying
instructions, rekey instruction, CIK management will
be decided by the user and the users communications
facility. All users must meet the minimum security
Training on the STU-III will be documented in
accordance with CMS 6 and local instructions.
As we mentioned earlier, the secure mode of the
STU-III is activated and deactivated using a CIK.
When the CIK (figure 1-3) is inserted into the terminal,
the STU-III can be used in the secure mode up to the
classification of the keying material. Without the CIK,
the STU-III operates as an ordinary telephone.
Calls are always initiated in the clear. To go from a
clear to a secure voice transmission, either caller simply
presses his or her SECURE VOICE button after the CIK
is used to activate the secure mode.
Once a secure link has been initiated, the two STU-
III terminals begin exchanging information. The
information exchanged includes the identity of the CIK
of the distant-end person, the list of compromised CIKS,
and the common level of classified security information
to which the two callers have access.
When two terminals communicate in the secure
mode, each terminal automatically displays the
authentication (identification) information of the
distant terminal. This information is scrolled through
the display window during secure call setup. The first
line of the identification information and the
classification are displayed for the duration of the
The information displayed indicates the approved
classification level for the call, but does not authenticate
the person using the terminal. Each terminal user is
responsible for viewing this information to identify the
distant party and the maximum security classification
level authorized for the call.
The STU-III terminals and keys are COMSEC
material. The terminals and keys may be administered
either through the STU-III custodian or the CMS
custodian. Both the terminals and keys are issued to
users and must be signed for. Since the seed key is
classified, it must be afforded protection for the level of
classification in accordance with Secure Telephone Unit
Third Generation (STU-III) COMSEC Material
Management Manual, CMS 6.
Because CIKs permit the STU-III terminals to be
used in the secure mode, the CIKs must be protected
against unauthorized access and use. CIKs may be
retained by the users who sign for them on local custody.
Users must take precautions to prevent unauthorized
access and must remember to remove the CIKs from the
When the terminals are unkeyed, they must be
provided the same protection as any high-value
government item, such as a personal computer. When
the terminal is keyed, the terminal assumes the highest
classification of the key stored within and must be
protected in accordance with the classification of that