Comment: Migrated to Confluence 5.3

Secret Security applies an End-To-Site security model, where audio data is encrypted on one call end and decrypted on the PBX side. This model, used within Enterprise VoIP Security Suite, follows the same paradigm as a VPN: the call is secured outside the company network and travels in clear inside the company network. The audio stream is encrypted on each end of the call and on the PBX. The PBX acts as encrypted media exchanger and encryption key dealer, so each end connects securely to the common [brandserver], using a VPN-style security model.

The main advantages of the End-To-Site security model are:

  • interoperability with existing phone networks for crypto-to-clear and clear-to-crypto setup
  • advanced telephony features, such as 3-way calling and conference room

Verifying call security

The call is automatically secured during call setup, so it does not require any human intervention. As soon as the call is established you can immediately start to talk securely with your peer. The overall security verification system is based on TLS digital certificate verification. The [brandclient] Enterprise client automatically verifies the digital certificate of the SIP/TLS server and, if it is recognized and authentic, the connection is automatically secured.

Figure: BlackBerry

Figure: Android

Figure: iPhone
...

This security model is exactly the same as HTTPS with an internet browser: given that [brandserver] has a valid digital certificate, the call can be considered secure. By default, [brandclient] will not accept invalid SSL certificates, such as:

...

On a BlackBerry phone the message may be different, because it is a warning message of the operating system. It may also change with every operating system release.

Custom Certificate Authority

Since security is based on TLS digital certificates, it is mandatory that server certificates are signed by a known and trusted certificate authority. If your certificate is signed by a new CA (not present in the phone's CA list at ship time) or by your private CA, you can import the CA's certificate and trust it. This feature is available only for the OEM version of [brandclient].
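The trust decision described above, reproduced with the `openssl` command line as an added example (not the vendor's code or tooling): a server certificate signed by a private CA is rejected until that CA is in the trusted bundle, and rejected again when the name does not match. The host name `pbx.example.test`, the CA names and the function names are constructed for illustration; the name check reflects general TLS verification, which the page does not detail for this client.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: every name below (pbx.example.test, CA names) is made up.

# Create a private CA, an unrelated CA, and a server cert signed by the private CA.
make_pki() {  # $1 = output directory
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Private CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Unrelated CA" \
    -keyout "$d/other.key" -out "$d/other-ca.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=pbx.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  # The subjectAltName is what hostname verification matches against.
  printf 'subjectAltName=DNS:pbx.example.test\n' > "$d/san.cnf"
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/san.cnf" -out "$d/server.pem" 2>/dev/null
}

# Succeeds only if the cert chains to a CA in the bundle and matches the host.
check_server_cert() {  # $1 = trusted CA bundle, $2 = server cert, $3 = expected host
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
  local d; d="$(mktemp -d)" || return 1
  make_pki "$d" || return 1
  # Before the private CA is imported: the chain cannot be built, so reject.
  check_server_cert "$d/other-ca.pem" "$d/server.pem" pbx.example.test \
    || echo "rejected: signing CA is not in the trusted list"
  # After importing the private CA into the trusted bundle: accept.
  check_server_cert "$d/ca.pem" "$d/server.pem" pbx.example.test \
    && echo "accepted: private CA is trusted and the name matches"
  # Trusted CA but the certificate was issued for a different host: reject.
  check_server_cert "$d/ca.pem" "$d/server.pem" other.example.test \
    || echo "rejected: certificate name does not match the server"
  rm -rf "$d"
}
demo
```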

...