Cryptify Call is a voice encryption solution for Smartphones, the iOS variant of which has been granted CPA approval when deployed in accordance with these procedures.
The solution uses the CESG preferred MIKEY-SAKKE algorithms for key exchange and Advanced Encryption Standard (AES) for media encryption. The design of the system and the use of MIKEY-SAKKE ensures that the organisation provisioning the service remains in full control of all of the key material.
Cryptify Call provides a similar interface to the normal phone dialler application and uses phone numbers (which may be the same as the user’s normal phone number if desired) as the identifier for a user.
Cryptify Call provides end-to-end encrypted voice communications between two parties and mutual trusted authentication of the parties.
The solution consists of the Cryptify Caller Application, which is a Smartphone application, and two central functions: the Cryptify Management System and the Cryptify Rendezvous Server. The architecture divides the central functions into security domains, where the Cryptify Management System (CMS) handles all sensitive information, and open domains for VoIP traffic, handled by the Cryptify Rendezvous Server (CRS), where no sensitive information is exposed unencrypted.
Cryptify Rendezvous Server (CRS): The CRS handles VoIP support functions, e.g. signalling for session establishment and media relaying to ensure robust media handling, and acts as a storage area for the encrypted key renewal material.
The shared CRS is a redundant pair of servers that can be either hosted by the customer organisation or outsourced to the Cryptify company in the UK.
Cryptify Management System (CMS): The CMS is a user-friendly administration tool for the security officer. As the CMS handles all the security-related data for the organization, it must be protected from external exposure.
To fully protect the CMS, it operates on an off-line computer, i.e. one that is not connected to any network, and hence is completely isolated from Internet threats.
Each organization handles its own CMS, which gives its owner absolute and exclusive control of all key material for all its users.
Cryptify Caller Application (CCA): The CCA is an easy-to-use iOS application that can use either a Wi-Fi or a mobile broadband network to make secure calls / SMSs.
Being able to utilize Wi-Fi networks in addition to mobile broadband networks not only provides extra resilience for service availability, but also offers a cost-efficient alternative when, e.g., traveling abroad.
The application can be distributed either via the App Store or by using a Mobile Device Management (MDM) platform. In order to make secure calls, the application must be armed with the key material provided by the initiation letter. The CMS owner invites users to its security domain by printing an initiation letter.
Once a month the application automatically fetches refreshed key material stored on the CRS.
Certification, evaluations and accreditations held
CPA evaluation by CESG
Certification number: VOIPC33470913
Features / Benefits:
End-to-end encrypted and authenticated voice
End-to-end encrypted voice is a full duplex voice service that allows two end-users to communicate securely
End-to-end encrypted and authenticated text messaging
An end-to-end encrypted text message is an SMS-like service that allows two end-users to communicate securely
MIKEY-SAKKE based key exchange
Cellular and Wi-Fi compliant