Secure Phone Hardware Complex

Configuration

Basic configuration of the SecurePhone communication system includes:

• Secure server;
• Secure mobile terminal;
• Key generation center;
• Firewall;
• Connection switch;

There are various possible configurations, which include network ancillary equipment such as switches, router gateways (GSM, DMR), firewalls, etc. Each configuration of the SecurePhone is unique and depends on the customer's specific goals and expectations.

Secure mobile terminal

Secure terminal is a mobile device based on Motorola / Samsung smartphones with an revised Android OS ver. 9.0+. The customer is free to choose the smartphone model according to their wishes.

Secure server

As a part of the SecurePhone communications complex, the server is situated on the customer's side. The server has a built-in VPN.

Features

Key Functions

Voice calls and voice conference calls. Video calls with two layers of encryption. Messaging in the individual and group chats. Peer-to-peer docs and multimedia file sharing (photo, video, voice data). Protected file transfer up to 100 MB. Integrated software protection of terminal's system files. Autorun the data integrity mechanism.

Additional communication options

Integration with the customer's SIP infrastructure for the ability to call internal company phones. Integration with DMR infrastructure for calling to the radio station. Integration with a GSM gateway for the ability to call both cellular and fixed network subscribers. Integrations with SIP infrastructure, DMR and GSM gateways are two-way, and allow duplex conversation (voice calls only).

Additional features

Customization of modified, secure mobile apps according to customer's request. On-key delivered administrator's PC for monitoring the key functions of the communication complex. Centralized contact management, and auto synchronization with user's contact lists.

SecurePhone communications complex uses 2G, 3G, LTE mobile networks, and wireless Wi-Fi networks. The use of cellular networks for calls and messaging is software-prohibited.

Data privacy and data protection

Privacy and protection of user data is ensured by their full encryption.

Double-layer cryptographic encryption of voice and video calls, text and multimedia messages (AES256 channel encryption, AES128 end-to-end encryption). Double cryptographic encryption for group chats and forwarded files (AES256 channel encryption, AES128 end-to-end encryption). Encryption algorithms use separate complementary keys that are generated for each communication session through the Diffie-Hellman key-agreement protocol.

A secure server doesn't store any user data including messages, files, and records of voice/video/conference calls. Messages history from individual and group chats is available only in a closed section of mobile terminals. Multimedia and text messages are temporarily stored on the server only until delivery if the recipient was offline at the time of sending.

SecurePhone complex ensures data integrity control by cryptographic hash function and authenticated encryption with associated data (AEAD).

Only authorized users can use the secure server for switching subscribers. Users are authorized with conformance certificates signed using an RSA public-key cryptographic algorithm.

User interface and mobile applications

The mobile terminal has a familiar and user-friendly interface because it builds on the modified secure Android OS. As a result, a secure terminal looks like a regular smartphone.

Users communicate using secure mobile applications:

• SecPhone for voice and video calls, conference calls;
• SecChat for messaging and multimedia files sharing in individual and group chats.

The user cannot install, uninstall or modify mobile apps in their devices.

Restrictions on the use of a mobile terminal are related to its key task to provide secure encrypted communications. Communication complex SecurePhone is developed individually for each customer n the basis of their goals and needs, configured and tested by information security specialists.