slaider
Communication network

card product

» Products » Communication network » Secure VoIP and IM Communication System
Secure VoIP and IM Communication System

Background

International large-scale enterprises establish a number of offices worldwide, as well as many overseas offices. The global distribution of various functional departments needs to maintain timely communication via means of communication including voice, text messaging, and file transfer. Due to the commercial sensitivity and confidentiality needs of the exchanged information, we need to use encryption to protect the security of the communication content against eavesdropping and sabotage.
Traditional GSM-based secure communication suffers low rate of data channel, poor encrypted voice quality. Its operation is limited by the operator’s GSM voice coding or CSD data service deployment. Therefore, traditional GSM-based mobile phone communication is unable to meet the international demand for the company’s international and domestic operations.
At present, most countries have established a nationwide WCDMA and LTE wireless communication network. Data services costs are very low and the data communication rate can meet the requirements of VOIP and IM communications. Therefore, packet domain based communications solutions are able to adapt to the international and domestic needs of large enterprises international business. Our solutions are based on packet domain confidential VOIP and Instant messaging communication. All business are using encryption technology.

 

1. System Functions

Without any changes to network topology (IMS/soft switch) and communication infrastructure, Secure VoIP Communication Solution provides VoIP service with secure encryption protection, and seamlessly integrates with 3G, 4G IP mobile terminals. A comprehensive SIP-based VoIP security system is built.

 

Its main functions are:

  •  Provide SIP-based voice, video and data encryption protection;
  •  Provide encryption protection under scenarios including voice/video conferencing, voice monitoring and terminal roaming;
  •  Support SBC (Session Border Control) NAT under soft switch / IMS system;
  •  Support configuration, monitoring, and logging of on-line devices;
  •  Provide end-to-end encryption service for terminals;
  •  Support key generation, distribution, change and destruction;
  •  Support operational logs audit;
  •  Support firmware upgrade

 

 

2. System Specifications

Secure VoIP Communication Solution is composed of client, key management system and service system, as shown below.

 

 

System main specifications are:

  • System capacity: end users ≥5000 and scalable;
  • Maximum increase of call setup time is no more than one second;
  • Support IPv4, can be extended to IPv6;
  • Encrypted transmission protocol: improved SRTP/SRTCP encapsulation protection
  • Adopt block cipher, support algorithms and algorithm parameters change;
  • Support on-line key negotiation (proprietary protocol);
  • Support off-line distribution of device certificate and keys;
  • Key are generated via standard white noise source;
  • Support crypto algorithms of SM2, SM3, SM4, and ZUC;
  • One session one key, and keys are automatically destroyed when the session ends;
  • Quality of encrypted communication: MOS value exceeds 3.5;
  • Voice delay of encrypted communication: less than 1 second;
  • Encrypted call connection success rate: ≥90%
  • Encrypted call traffic consumption:
    • Smartphone: <400KB/min
    • desktop: <300KB/min

 

 

3. System Devices

1 Secure Smartphone
Secure Smartphone it has OS: Privis Linux  and  Virtual Android, together with TF crypto card and SecCall VoIP software, it achieves VoIP encryption call, secure IM chat as well as key management.

 

TF crypto card

+

Secure Smartphone

 

 

1. Secure Smartphone (SS): With crypto TF card inserted in it, secure smartphone provides end-to-end encrypted voice and IM services. Its features include the following:

  • Crypto algorithm calculation and key generation implemented on TF encryption card;
  • Support SM2, SM3, SM4, and ZUC crypto algorithms;
  • SM2 realized identity identification and key negotiation; ZUC realized voice encryption protection; SM4 realizes communication data encryption protection; SM3 realizes message digest;
  • Voice encryption key length:128 bits;
  • One session one key encryption mechanism;
  • Quality of encrypted communication: MOS value exceeds 3.5;
  • Voice delay of encrypted communication: less than 1 second;
  • Encrypted call connection success rate: ≥90%
  • Encrypted call traffic consumption:<400KB/min

 

2. TF crypto card

TF crypto card realizes SM2/SM3/SM4/ZUC crypto algorithms calculation, random number generation, key generation, key storage, and certificate storage. It is the security root of secure VoIP communication.

  • Micro SD interface
  • Smart card

32-bit Chinese high-performance smart card chip
Processor frequency not less than 40 MHZ
64KB secure storage space
Support SM4 algorithm
Support ECB / CBC / OFB mode
Support SM2 public key algorithm
Support ZUC algorithm
Key pair is generated via hardware for digital signature; Private key can never be exported from TF crypto card
Product hardware unique serial number and product number
Storage read speed 6MB / s, write speed 2MB / s

2. SecCall VoIP software

SecCall VoIP software achieves VoIP encryption call function as well as secure IM chat. The software adopts modular design, high-strength key agreement mechanism and encryption. The use of advanced voice engine and related voice processing technology assures high quality voice calls.

 

Secure Smartphone Specification

NETWORK Technology GSM/CDMA/HSPA/EVDO/LTE
LAUNCH Announced Status 2018
BODY

Dimensions

151.7 x 75 x 7.9 mm (5.97 x 2.95 x 0.31 in)

Weight 170 g (6.00 oz)
SIM Hybrid Dual SIM (Nano-SIM, dual stand-by)
DISPLAY

Type

AMOLED capacitive touchscreen, 16M colors

Size 5.5 inches, 83.4 cm2 (~73.3% screen-to-body ratio)
Resolution 1440 x 2560 pixels, 16:9 ratio (~534 ppi density)
Multitouch Yes
– MiFavor UI 4.0
PLATFORM

OS

Privis Linux and Virtual Android

Chipset Qualcomm MSM8996 Snapdragon 821
CPU Quad-core (2×2.35 GHz Kryo & 2×1.6 GHz Kryo)
GPU Adreno 530
MEMORY

Card slot

microSD, up to 400 GB (uses SIM 2 slot) or TF crypto card

Internal 128 GB, 6 GB RAM
CAMERA

Primary

Dual: 12 MP (f/1.8, 1/2.8″, 1µm, PDAF) + 20 MP; phase detection autofocus, dual-LED dual-tone flash

Features Geo-tagging, touch focus, face detection, HDR, panorama
Video 2160p@30fps, 1080p@30fps
Secondary 8 MP
SOUND

Alert types

Vibration; MP3, WAV ringtones

Loudspeaker Yes
3.5mm jack

Yes

– 24-bit/192kHz audio

– Active noise cancellation with dedicated mic

COMMS

WLAN

Wi-Fi 802.11 a/b/g/n/ac, dual-band, WiFi Direct, hotspot

Bluetooth v4.2, A2DP, LE
GPS Yes, with A-GPS, GLONASS
NFC Yes
Radio No
USB Type-C 1.0 reversible connector
FEATURES

Sensors

Fingerprint (rear-mounted), accelerometer, gyro, proximity, compass

Messaging SMS(threaded view), MMS, Email, Push Email, IM
Browser

HTML5

– Fast battery charging (Quick Charge 3.0)

– MP4/H.264 player

– MP3/WAV/FLAC/eAAC+ player

– Photo/video editor

– Document viewer

BATTERY   Non-removable Li-Ion 3400 mAh battery
MISC Colors Gold

 

 

2. SIP Encryption Phone (SEP): SEP is deployed at the user side. As an integrated secure voice communication terminal it offers encryption protection for media flow. It is simple to operate as the ordinary civil SIP telephone with some features in the following:

  • Audio encoding and decoding mode: G.711A/U, G.729, G.726
  • Network interface: Two 10/100M Ethernet interfaces
  • Network protocol: TCP/IPv4, UDP, RTP/RTCP, DHCP etc.
  • Call control protocol: SIP/SDP, support software switch and IMS network environment
  • Encrypted transmission protocol: adopt improved IPSec ESP encapsulation
  • Encryption Rate: ≥1Mbps
  • Encrypted call traffic consumption:<300KB/min
  • Dimension: Depth 16.8cm, Width 22.6cm, Height 6.8cm
  • Power supply:
    AC: voltage 5.0×(±10%)V, power consumption ≤10W;
  • Environment:
    Operating temperature: 0℃~45℃
    Storage temperature: -40℃~65℃
    Relative Humidity: 20%~80%

 

 

 

3. SIP Terminal Encryptor (STE): STE is deployed at the line side of SIP/IMS and connected between the SIP and network to protect one or more SIP telephones. Its features include the following:

  • Two Ethernet interfaces: The two interfaces are separately located at the network side and user side with 10/100Mbps Ethernet electrical interface, 10/100 Base-T/TX self-adaption, physical interface mode RJ45;
  • Secure communication throughput: 2M;
  • Maximum concurrent secure tunnels: 4;
  • Dimensions:Depth 9.2cm, Width 13.2cm, Height 2.8cm;
  • Power supply:It supports external power supply with Voltage 5.0×(1±10%)V; power consumption≤5W;
  • Environmental:

Operating temperature: 0 ℃ ~ 45 ℃;
Storage temperature: -40 ℃ ~ 65 ℃;
Relative humidity: 20% ~ 80%;

 

 

 

4. VoIP Key Management Center (VKMC): VKMC is normally deployed in the subnet where IMS network element exists with functions such as equipment registration, certification distribution, key distribution, on-line centralized configuration and destruction for STE, SEP, SS. Its features include the following:

  • Provide identity authentication, digital signature, cipher key and certificate services
  • Adopt hybrid cryptosystem. Symmetric key is used for message digest calculation and message encryption; the public/private key provides key protection and message signature
  • Interface:
  • Ethernet Interface: RJ45, 100/1000Base-T self-adaption
    Equipped with key injection and off-line distribution interface
  • Environmental:

Operating temperature: 0℃~40℃
Storage temperature: -10℃~55℃
Relative humidity: 20%~80%

 

 

 

5. IM Server:IM server is composed of an IM application server and an IM push server. The IM application server provides services as registration, login, message storage and transfer and management to the secure instant messaging client. IM push server provides message push service to the secure instant messaging client based on MQTT protocol.:

  • Supporting single-chat and group-chat IM between clients
  • Supporting encryption transmission function of chat messages between clients
  • Supporting encryption transmission function of images/documents between clients
  • IM input supporting all kinds of languages, figures, all sorts of characters, punctuation and emojis.
  • Message delivery time (under normal network conditions): ≤5s
  • Image format: common format for cellphones

 

 

 

6. SIP server:SIP server is responsible for processing the call control signal as dialing, answering and hanging the phone. The call signaling is transmitted after encryption through the secure channel to ensure its security.

  • Realizing the function of call control of all sorts of SIP terminal;
  • Realizing the function of media data forwarding;
  • Realizing the function of user management;
  • Realizing the function of system configuration management;
  • Quality of encrypted communication: MOS value exceeds 3.5;
  • Voice delay of encrypted communication: less than 1 second;
  • Encrypted call connection success rate: ≥90%
  • Encrypted call traffic consumption:
    • smartphone:<400KB/min
    • desktop:<300KB/min

Secure VoIP and IM Communication System
Write the E-Mail, we will contact you within days.



Write the E-Mail, we will contact you within days.