A. Functional description of VoIP encryption

NFON offers customers VoIP signalling and media steam encryption. In the process, the link connection and then the voice data is encrypted. This is an end-to-end process, i.e. from the telephone to the NFON data centre, where your telephone system is operated.

In the course of end device provisioning, certificate data is loaded to the end devices to secure the SIP signalling via TLS.End devices are then registered with the assigned encryption gateway, which is operated in the NFON data centres, which has multiple layers of security.

In the course of setting up the secured call via TLS (256 bit AES), keys are exchanged to later encrypt the media streams (via SDES).These are used once to safeguard the calls. If supported by the end device, the display indicates when calls are secured.

The path from the end device to the data centre is therefore fully secured (thus also on the customer’s LAN).The encryption gateway is on the same network as the telephone system server. Since encryption is solely IP-based, connections from the data centre to the public telephone network (landline and mobile network) are not encrypted.