End-to-End Encryption used by Governments World-wide

Security

Cellcrypt's solution addresses security on multiple levels and establishes an encrypted call between trusted devices. Cellcrypt’s products have been certified to FIPS 140-2 standard, approved by the US National Institute of Standards & Technology (NIST).

Key Generation

A unique private key is generated on the user handset during the installation to identify the device. No other copy exists on another device or server.

Trust Management

Each phone has a phonebook of trusted numbers and their associated public key without the need for a central server or certificate authority.

Key Exchange

When making or receiving a secure call, the encryption engine authenticates the other party and generates a unique session key that lasts only for the duration of the call.

Signaling Encryption

Signaling information that sets up a voice call is encrypted to prevent an eavesdropper from gathering information on the phone number and identity of the participants of a conversation.

Voice Encryption

End-to-end security is enabled because only trusted mobile phones at each end of the secure call perform cryptography.

Cryptography

Cellcrypt uses standard encryption technologies including:

Advanced Encryption Standard (AES) for symmetric encryption
Elliptic-Curve Digital Signature Algorithm (ECDSA) for digital signatures
Elliptic Curve Diffie-Hellman (ECDH) for key agreement
Secure Hash Algorithm (SHA) for message digest

Public Cryptography
(2048-bit RSA, & ECDSA, ECDH using curves with 384-bit prime moduli)
RSA and ECDSA are used for authentication. The key pairs are generated on the phone during the installation and are unique to each phone. A private key is never shared. The Elliptic Curve Diffie-Hellman (ECDH) and RSA algorithms are used for key exchange. The session key is only valid for one phone call and securely destroyed after use.

Symmetric Cryptography
(AES & RC4, both 256 bits)
Both encryption algorithms are used at the same time. The data packet is first encrypted with RC4 and the cipher text is then encrypted again with AES in Counter Mode (CTR). Both algorithms are initialized with the exchanged session keys.

Hashing Algorithms
(SHA512)
Industry standard hashing algorithms are used for increased integrity assurance.

Random Number Generation
A 2048 bit seed pool is generated during the installation and is periodically updated. The initial seed is derived from the microphone input.

Quick Links

Office Addresses

North America	Europe	Middle East, Africa & Asia
8300 Boone Blvd. Suite 500 Vienna, VA 22182-2681 United States Tel: +1 (703) 879-3328	13-15 Carteret Street London SW1H 9DJ United Kingdom Tel: +44(0) 2070 995 999	Bayswater Building, 20th Floor Office 2002, PO Box 38255 Business Bay, Dubai UAE Tel: +971 (0)4454 1271
(West Coast Office)	Latin America
530 Lytton Avenue 2nd Floor Palo Alto, CA 94301 United States Tel: +1 (650) 617-3219	Latitude One 175 SW 7th Street, Suite 1411 Miami, FL 33130 United States Tel: +1 (786) 999-8425

In This Section

Security

Key Generation

Trust Management

Key Exchange

Signaling Encryption

Voice Encryption

Cryptography

Quick Links

Office Addresses

North America

Europe

Middle East, Africa & Asia

(West Coast Office)

Latin America