SECURE VOICE AND MESSAGING ON SMARTPHONE & TABLET
For most companies and government organizations, the damage caused by the interception of communication between key individuals would be dramatic.
Cryptify Call is an easy-to-use smartphone and tablet application providing secure voice calls and secure messaging, world wide.
SIMPLE – FLEXIBLE – SECURE
Cryptify Call delivers government grade (CESG CPA) secure voice and messaging to smartphones and tablets.
ANDROID – IOS – WINDOWS
Compatible with iPhone and Samsung smartphones and runs on PC’s running Windows OS
AVAILABLE ON THE APP STORE
Cryptify Call is available as a free download.
GPRS, EDGE, 3G, 4G or Wi-Fi
Cryptify will work on any data enabled network, however best performance will be on 3G, 4G and WiFi networks.
IMAGE AND FILE TRANSFER
- Transfer images easily from within your photos
- Attach files to messages
- Send to single recipients or groups
GROUP CALLS AND MESSAGING
- Uses your existing contact list
- Supports group calls between phones and windows PC
- Supports group messaging between phones and windows PC
- NEW – NOW SUPPORTS CONFERENCE CALLS
INTER DOMAIN WORKING
- Organisations typically operate within their own security domain
- System administrators can set up inter domain working
- Once paired, users can call any user in their home or paired domain
What is Cryptify Call?
Cryptify Call provides end-to-end encryption and authentication of voice calls and messages using Smartphones and PCs.
It enables communication over existing mobile broadband and Wi-Fi networks. Being able to use Wi-Fi in addition to the mobile broadband services ensures a cost-efficient solution that provides even better availability than a regular mobile voice service.
Cryptify Call is broadly recognized for being easy to use, intuitive and is as simple as making an ordinary phone call or SMS. Cryptify Call works in parallel with the ordinary functions of the phone enabling users to choose whether to make a secure or an ordinary call.
The system consists of the Cryptify Call application and two central functions; the Cryptify Management System (CMS) and the Cryptify Rendezvous Server (CRS).
The architecture divides the central functions, with the offline CMS handling all sensitive information and the CRS handlings VoIP traffic and importantly not handling any unencrypted information.
What is the Cryptify Management System (CMS)?
The CMS is a user-friendly key management system that provides your organisation with absolute and exclusive control of all cryptographic material for your security domain.
The CMS software operates on an off-line computer and is therefore protected from Internet attacks. The CMS generates highly sophisticated encryption algorithms, distrubuted as QR codes.
To activate a new device simply open the Cryptify App and scan the QR code when prompted. The new device is now registered on the system and ready to use.
Subsequent monthly updates of the cryptographic key renewal are automatically and seamlessly delivered “over-the-air”, by the CRS, to all registered devices.
The CMS software is provided free of charge, or it can be managed by Serbus under a service support package.
What is the Cryptify Rendezvous Server (CRS)?
The Cryptify Rendezvous Server (CRS) is a server designed to handle the IP telephony functions and does not have access to any sensitive client data within the system. Its key functionality is to provide:
- Automatic account registration
- Establishment of VoIP calls between handsets
- Relay support of media
- Monthly distribution of cryptographic key material. This is sent directly from the CRS to the smartphone and is seamless to the end user.
The CRS, provided free of charge, is hosted by Cryptify AB in Sweden.
If your organisation prefer to host the CRS on its own servers, the CRS software will be provided free of charge.
What is the Cryptify MIKEY SAKKE key management process?
Users receive their key material from the CMS, in the form of a QR code printed in their initiation letter. This is then scanned into the Users device which enables them to establish a connection with the CRS.
User 1 can now send a secret key, in this case the session key, to User 2, using MIKEY-SAKKE algorithms over the Internet in an encrypted and authenticated manner.
By giving each user a set of five keys, MIKEY-SAKKE provides a method for an unlimited number of users to create an encrypted and authenticated relationship to any user without using any online key server.
The communication is based on a session establishment protocol for IP telephony together with MIKEY-SAKKE to handle the exchange of session unique keys.
The users automatically attach to the CRS and the CRS keeps a connection active for each attached user, making it possible for the CRS to reach that user even if the mobile is in a standby state.
Even though MIKEY-SAKKE messages are piggybacked to the signalling it is important to note that the CRS is not involved in any cryptographic activities and is completely unaware of session keys etc.
The communication between a user and the CRS is however encrypted using Transport Layer Security (TLS) rendering it impossible for anyone to analyse intercepted signalling messages.
The communication between the phones is based on the SRTP protocol carrying the Voice over IP (VoIP) payload encrypted with 128-bit AES.
What is CESG CPA?
CESG is the UK government’s national technical authority for information assurance (IA). It protects the UK by providing policy and assistance on the security of communications and electronic data, in partnership with industry and academia. The group is known as CESG.
CPA – Commercial Product Assurance evaluates commercial off-the-shelf products, and their developers, against published security and development standards.
A security product that passes assessment is awarded Foundation Grade certification. This means the product is proven to demonstrate good commercial security practice and is suitable for lower threat environments.
CPA certification is valid for two years and allows products to be updated during the lifetime of certification as vulnerabilities and updates are required. Products are tested against published CPA Security Characteristics, so:
vendors are aware of the assessment criteria to develop against
data owners can be confident that certified products have been tested against NCSC standards
the CPA scheme library contains the documents that relate to the scheme
What is the Cryptify Interconnect Gateway (CIG)?
The Cryptify Interconnect Gateway enables an enterprise to connect secure calls to the office PBX, such as Microsoft Lync, or Cisco Call Manager.
In addition to enabling secure calls to and from office/landline numbers, the secure mobile can access available PBX features such as conference calling and voicemail.
Will Serbus integrate Cryptify into our organisation?
Yes – Serbus recognise that many organisations will require integration of new secure services with existing services.
The Cryptify Call application and recommended device lock downs are perfectly suited to the MDM environment.
Also, if you wish to communicate securely from your existing office based IP PBX phone network to your deployed team on the ground we can provide you with a Cryptify Interface Gateway (CIG).
We will be pleased to speak with you about your requirements.
What is the Cryptify perpetual license?
The Perpetual Licence provides organisations with ultimate deployment flexibility. Manage your own domain, manage users, host your own private Cryptify Rendezvous Server (CRS), or let Serbus do it for you at our secure List-X facility.