DSD 72A-SP (STM) SONET/SDH Encryption

DSD 72B-SP (STM) SONET/SDH Encryption for Fiber Optic Network Security

Strategic-Level SONET/SDH Encryption and Secure Communications for Military

DSD 72A-SP (STM) ruggedized SONET/SDH encryption provides strategic-level path encryption of voice, data and video transmitted over fiber optic networks. Protocol agnostic and with automated KEYNET key and device management, DSD 72A-SP (STM) SONET/SDH encryption is a cost-effective, secure communications solution for global mission-critical networks.


  • Strategic-level data protection
  • Interoperable with industrial and rugged industrial variants
  • Wirespeed 155.52 Mb/s and 622.08 Mb/s performance
  • Flexible configurations
  • AES 256-bit
  • National algorithm easily integrated
  • Layers of protection
  • No network modification or performance impact
  • Cost-effective investment
  • Easy to deploy, monitor and manage

Optical Data Encryption

DSD 72A-SP (STM) SONET/SDH Encryption Seamlessly Overlays on Networks

With full compliance to the SDH/SONET standards, DSD 72A-SP (STM) SONET/SDH encryption integrates as a network overlay on existing or new networks—no network modification is required and network performance is not affected. With protocol-agnostic path encryption, DSD 72A-SP (STM) SONET/SDH encryption is only required at network end points. Individual path virtual container data payloads are encrypted, leaving path overhead in the clear for unrestricted network switching of each virtual container with no plaintext exposure of the path-encrypted payload.

Optical Data Protection

Networked fiber optic lines are vulnerable to interception. Leasing commercial fiber optic circuits as part of an organization's network infrastructure potentially exposes data at repeaters, adjunct multiplexors, switches and digital cross connects. Even where network elements are under the control of the user, fiber optic lines themselves can be tapped anywhere along the path. The risk is magnified by the high volume of data on these links, making fiber optic networks a target for an adversary to attack.

DSD 72A-SP (STM) Cryptographic Strength

DSD 72A-SP (STM) SONET/SDH encryption a FIPS 140-2 Level 3 designed, hardware-based encryption solution with full line-rate performance. All peer-to-peer communications are secured with no data bandwidth impact. DSD 72A-SP (STM) SONET/SDH encryption comes in an anti-tamper rack-mountable enclosure with physical lock, meets MIL-SPEC standards and is 19" rack mountable. Three-tier symmetric key management with lossless automated key changes and multiple independent path-dedicated data encryption engines using the AES 256-bit algorithm maximize protection. Optionally, national algorithms can be integrated without hardware modification.

SONET/SDH Encryption Is Managed by KEYNET Optical Manager

DSD 72A-SP (STM) SONET/SDH encryption and its interoperable industrial and rugged industrial variants are centrally deployed, configured and managed by TCC's advanced KEYNET Optical Manager. KEYNET is a Windows 7 rack mount server with tamper-proof security vault. Multiple layers of protection secure keys at every point in their life cycle with limited human intervention.

KEYNET Optical Manager also provides user-authenticated, role-based secure device management, as well as path configuration and monitoring that supports network policies (blocked, plain, secure). With an intuitive user interface and automated polls, alarms and logs, a network expert is not needed for trusted key and device management of a large network.

DSD 72B-SP frame-sensitive SONET/SDH encryption

SONET/SDH Encryption Specifications


 Supports both SONET and SDH protocols

 Transparent handling of SONET/SDH section & path headers

 Adaptable payload configurations


  • 1 x VC-4-4c (concatenated payload)
  • 4 x VC-4s
  • 3 x VC-4 and 3 x VC-3s
  • 2 x VC-4 and 6 x VC-3s
  • 1 x VC-4 and 9 VC-3s
  • 0 x VC4s and 12 x VC-3s


  • 1 x VC-4
  • 3 x VC-3s

 Seamlessly works with network elements anywhere in the network path without exposure of unencrypted data payloads


 Transceivers for each line I/O interface

  • STM-4 (OC-12) @ 622.08Mbps - optical
  • STM-1 (OC-3) @ 155.52Mbps - optical
  • ITU-T G.703 STM-1/ES1 (§15) @ 155.52Mb/s - electrical

Device Management

  Remotely via KEYNET Optical Manager (or at device via CLI)

  Messages encrypted and authenticated with SNMP and TCC secure subset

 Key changes handled without traffic interruption

 Dedicated device management key used for each device

 Cryptographically authenticated access controls

  Interoperable with DSD 72B-SP (RI), and DSD 72A-SP (STM)

Encryption Algorithm

  AES-256 - standard

  National algorithm

Key Management

 Symmetric key with three-level secure key management

  Remote, online management with KEYNET Optical Manager

  SHA-256 integrity and authentication

Functional Design

  Ruggedized enclosure

 Access control and anti-tamper package design

 Highly reliable under adverse environmental conditions

  Standard 19" rack mountable

 Operational temperature: -20°C to +55°C

  • 100V to 240VAC / 50Hz, 60Hz, 400 Hz
  • +24VDC
  • -48VDC


TCC is dedicated to quality products and services. TCC is ISO 9001 certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality systems in design/development, production, installation and servicing.

Cipher One

CipherONE® Optimized Network Encryption

Our solutions meet TCC's CipherONE Optimized Network Encryption best-in-class criteria for maximum cryptographic strength, and are optimized for performance and ease of use for our customers.

Read More