Linksys RTP300 User Guide - Page 57
Secure Call Implementation, Enabling Secure Calls - as switch
 |
UPC - 745883565658
View all Linksys RTP300 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 57 highlights
Secure Call Implementation Secure Call Implementation This section describes secure call implementation with the ATA device . It includes the following topics: • "Enabling Secure Calls" section on page 57 • "Secure Call Details" section on page 58 • "Using a Mini-Certificate" section on page 58 • "Generating a Mini Certificate" section on page 59 NOTE: This is an advanced topic meant for experience installers. See also the LVS Provisioning Guide. Enabling Secure Calls A secure call is established in two stages. The first stage is no different from normal call setup. The second stage starts after the call is established in the normal way with both sides ready to stream RTP packets. In the second stage, the two parties exchange information to determine if the current call can switch over to the secure mode. The information is transported by base64 encoding embedded in the message body of SIP INFO requests, and responses using a proprietary format. If the second stage is successful, the ATA device plays a special Secure Call Indication Tone for a short time to indicate to both parties that the call is secured and that RTP traffic in both directions is being encrypted. If the user has a phone that supports call waiting caller ID (CIDCW) and that service is enabled, the CID will be updated with the information extracted from the Mini-Certificate received from the remote party. The Name field of the CID will be prepended with a '$' symbol. Both parties can verify the name and number to ensure the identity of the remote party. The signing agent is implicit and must be the same for all ATAs that communicate securely with each other. The public key of the signing agent is pre-configured into the ATA device by the administrator and is used by the ATA device to verify the Mini-Certificate of its peer. The MiniCertificate is valid if it has not expired, and it has a valid signature. The ATA device can be configured so that, by default, all outbound calls are either secure or not secure. If secure by default, the user has the option to disable security when making a call by dialing *19 before dialing the target number. If not secure by default, the user can make a secure outbound call by dialing *18 before dialing the target number. However, the user cannot force inbound calls to be secure or not secure; that depends on whether the caller has security enabled or not. The ATA device will not switch to secure mode if the CID of the called party from its MiniCertificate does not agree with the user-id used in making the outbound call. The ATA device performs this check after receiving the Mini-Certificate of the called party Linksys ATA Administration Guide 57
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52 -
53 -
54 -
55 -
56 -
57 -
58 -
59 -
60 -
61 -
62 -
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
 |
 |
