Security Models

End-to-End encryption

Very high security risk contexts represent a typical scenario for end-to-end encryption.

Usually end-to-end encryption is required by government agencies or small group of “secure” speakers to protect mobile phone calls against wiretapping.

Protection is extremely strong: voice is encrypted on caller mobile phone and decrypted on called mobile phones, without any chance for intermediate devices (PBXs, routers, switches, firewalls) to be able to eavesdrop on the call.

This model is the same as PGP on email: only sender and receiver can encrypt/decrypt the content of their communication. No-one else, not even the owner of server can wiretap their communications.

This is the strongest model from the security point of view, called end-to-end encryption, that we enforce using the ZRTP protocol. It is the only model we provide in the SaaS mode and it does not provide integration with fixed lines.

End-to-Site encryption

In more flexible contexts, you need secure mobile calls to landline devices,  usage of extended telephony features such as conference rooms, call diverting, integration with company PBX (Cisco/Avaya) or crypto-to-clear for the public telephony network: this scenario requires  an end-to-site security model.

In order to achieve such flexibility, each party of a communication establishes an independent secure communication with PrivateServer, which is a trusted party and is hosted on the customer’s premises.

This model is very similar to a VPN: your communications are fully secure from your device up to the enterprise network. From there on, security is managed by your company.

This is the most flexible security model, called end-to-site encryption and we enforce it with SDES protocol.