An apparatus and method dynamically creates security keys for a subscriber, having
at least one preexisting security credential set, and allows the configuration
for N key pairs or N keys (where the cryptographic system is a symmetric key system).
Such a system provides flexibility in assigning cryptographic algorithms and cryptographic
keys to facilitate a change in algorithm without requiring reinitialization of
a processing unit or subscriber. The apparatus and method provides a configurable
security key manifest, such as a template or table, operative to contain a non-prespecified
number of security keys. A security officer or other source may input key configuration
data to a graphic user interface template or other suitable mechanism to configure
the security key manifest. Once configured (populated), the apparatus dynamically
controls the generation of at least one new security key for the subscriber based
on received key attribute data and based on the differences in current and prior
security key manifests.