Cellcrypt Private Switch

Private Switch Solution

Create and manage your own secure and private voice-calling network

Cellcrypt delivers strong encryption across cellular networks whilst maintaining high-performance voice call attributes such as fast call setup, high voice quality and low latency. It does this by using Encrypted Mobile Content Protocol™ (EMCP) over the IP (Internet Protocol) data channel and Cellcrypt’s Encrypted Content Delivery Network™ (ECDN), a global network of Internet-based servers for fast and reliable data delivery.

For organizations that require complete infrastructure control for call signaling and user management, Cellcrypt provides enterprise server software, Cellcrypt Private Switch™, that installs and operates entirely on customer-defined equipment and is administered via a web-based management console that only customer-authorized users can access. Cellcrypt’s Private Switch consists of a Management Console and Signaling Server, enabling organizations to manage and control a completely private network of devices, users and secure numbers.

Cellcrypt’s Private Secure Voice Network

Cellcrypt offers the most flexible yet secure voice architecture available:

  • Cellcrypt secured mobile phones call other Cellcrypt secured mobile phones
  • Cellcrypt secured mobile phones call Cellcrypt secured PBX landlines
  • Cellcrypt secured PBX landlines call other Cellcrypt secured PBX landlines
  • Different office telephony systems can be securely bridged using Cellcrypt Enterprise Gateway
  • In combination with PBXs, Cellcrypt Enterprise Gateway routes calls to and from office phones or calls out to phones on the public telephone network
  • Secure enterprise software consisting of a Signaling Server and web-based Management Console

Signaling Servers

  • Full, scalable control of user’s secure calling network
  • Full control of call signaling and call routing
  • Full control of infrastructure and data
  • Private registration of users and devices
  • Secure call signaling and secure call traffic

Performance

  • Web-based with easy-to-use navigation such as hyperlinks, global search, recently viewed
  • Manages user groups, licenses, devices and secure number plans
  • Multiple items per set (e.g. multiple devices per license, multiple secure numbers per device)
  • Hierarchical user groups with multiple layers of owner, provider and user
  • Role-based access with administrator, support, view and view privileges
     

Supported Platforms:

  • Linux/x86, running on standard hardware sized according to expected system capacity
  • Default ports used:
    • 443 TCP for Signaling Server and Management Console
    • 7351 UDP for Media Server
  • IE 7+, Firefox 3+ and Safari 4+ browser access to Management Console
  • Optional integration with OpenSSL to provide SSL support on Signaling Server and Management Console
  • Reference solutions for resilient configurations with automatic failover are available on request
    • Uses an active/passive pair of signaling servers and an extensible set of media servers
    • Requires additional hardware for SSL termination and automatic failover
       

Not applicable

Cellcrypt uses standard encryption technologies including:

  • Advanced Encryption Standard (AES) for symmetric encryption
  • Elliptic-Curve Digital Signature Algorithm (ECDSA) for digital signatures
  • Elliptic Curve Diffie-Hellman (ECDH) for key agreement
  • Secure Hash Algorithm (SHA) for message digest

In addition, Cellcrypt applies further algorithms before these for added security (double-wrapping). For example, the voice call is first encrypted using 256-bit RC4 and then encrypted again using 256-bit AES.

Public-Key Cryptography
(2048-bit RSA; ECDSA and ECDH using curves with 384-bit prime moduli)
RSA and ECDSA are used for authentication. The key pairs are generated on the phone during installation and are unique to each phone. A private key is never shared. The Elliptic Curve Diffie-Hellman (ECDH) and RSA algorithms are used for key exchange. The session key is valid for only one phone call and is securely destroyed after use.

Symmetric Cryptography
(AES & RC4, both 256 bits)
Both encryption algorithms are used at the same time. The data packet is first encrypted with RC4 and the ciphertext is then encrypted again with AES in Counter Mode (CTR). Both algorithms are initialized with the exchanged session keys.
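
The key agreement and double-wrapping described above, as an added Go example that is not Cellcrypt's code: two sides run ECDH, derive keys, and encrypt one packet with RC4 followed by AES-256-CTR. Assumptions: NIST P-384 as the 384-bit curve, SHA-512 over the shared secret and a packet counter as the key derivation, a zero CTR IV, and the names `agree`, `packetKeys` and `wrap`; the RSA/ECDSA authentication step is omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rc4"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
)

// agree runs one ephemeral ECDH exchange; NIST P-384 is an assumption (the page names no curve).
func agree() (a, b []byte, err error) {
	alice, e1 := ecdh.P384().GenerateKey(rand.Reader)
	bob, e2 := ecdh.P384().GenerateKey(rand.Reader)
	if e1 != nil || e2 != nil {
		return nil, nil, fmt.Errorf("keygen: %v, %v", e1, e2)
	}
	if a, err = alice.ECDH(bob.PublicKey()); err == nil {
		b, err = bob.ECDH(alice.PublicKey())
	}
	return a, b, err
}

// packetKeys splits SHA-512(secret || seq) into per-packet RC4 and AES keys (assumed KDF, not the page's).
func packetKeys(secret []byte, seq uint64) (rc4Key, aesKey []byte) {
	sum := sha512.Sum512(binary.BigEndian.AppendUint64(append([]byte{}, secret...), seq))
	return sum[:32], sum[32:]
}

// wrap applies RC4, then AES-256-CTR; both XOR a keystream, so wrap is its own inverse.
func wrap(secret []byte, seq uint64, in []byte) []byte {
	rk, ak := packetKeys(secret, seq)
	inner, _ := rc4.NewCipher(rk) // cannot fail: 32 bytes is a valid RC4 key size
	block, _ := aes.NewCipher(ak) // cannot fail: 32 bytes selects AES-256
	out := make([]byte, len(in))
	inner.XORKeyStream(out, in)
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, out) // zero IV: key is unique per packet
	return out
}

func main() {
	a, b, err := agree()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s\n", wrap(b, 1, wrap(a, 1, []byte("constructed voice frame"))))
}
```

Because both layers are XOR keystreams, neither detects tampering with the ciphertext; integrity has to come from a separate check.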

Hashing Algorithms
(SHA-512)
Industry standard hashing algorithms are used for increased integrity assurance.

Random Number Generation
A 2048-bit seed pool is generated during installation and is periodically updated. The initial seed is derived from the microphone input.