Nubitalk Office Phone provides security measures for all possible communication media:
- Instant messaging
To secure communications, three types of endpoints may be used to communicate in an Office Phone system:
- Certified Hardphones/Softphones;
- Nubitalk mobile Apps;
- OneContact UC
The protocols and security measures vary depending on the type of endpoint and media being used.
IP endpoints may establish audio and video calls with each other via SIP. All SIP messages exchanged between Nubitalk components are transported in UDP packets when inside the same network. SIP messages originating from or being sent to the public network must be relayed through a Session Border Controller (SBC). OneSIPConnector, which is an SBC, supports SIP over UDP, TCP and TLS in the public network. So for extra security, TLS may be used to ensure the encryption of SIP messages in the public domain.
After a call is established, the audio and video payload may be sent either unencrypted via RTP or encrypted via SRTP. If the endpoints are in the public network, OneSIPConnector can be configured to always use SRTP, to prefer one over the other, or to leave the choice entirely to the endpoints.
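An added example (not Nubitalk code): a Python check that reads a SIP INVITE and reports media streams offered without SRTP, and SRTP keys carried in SDP over signalling that is not TLS. The policy names mirror the three modes described above but are hypothetical labels, and the sample message, addresses and key are constructed.

```python
import re

# Constructed sample: a SIP INVITE over UDP offering one SRTP (SDES) audio
# stream and one plain-RTP video stream. Not captured from a Nubitalk system.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.test SIP/2.0",
    "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bKconstructed",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 198.51.100.7",
    "s=-",
    "c=IN IP4 198.51.100.7",
    "t=0 0",
    "m=audio 40000 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY",
    "m=video 40002 RTP/AVP 96",
])

SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def parse_invite(message):
    """Return (last-hop signalling transport, list of media dicts)."""
    head, _, sdp = message.partition("\r\n\r\n")
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    transport = via.group(1).upper() if via else "UNKNOWN"
    media = []
    for line in sdp.splitlines():
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            media.append({"kind": kind, "proto": proto, "sdes": False})
        elif line.startswith("a=crypto:") and media:
            media[-1]["sdes"] = True  # media-level SDES key (RFC 4568)
    return transport, media

def audit(message, policy="require_srtp"):
    """Findings for hypothetical policies require_srtp/prefer_srtp/endpoint_choice."""
    transport, media = parse_invite(message)
    findings = []
    for m in media:
        secure = m["proto"] in SECURE_PROFILES
        if not secure and policy == "require_srtp":
            findings.append(f"{m['kind']}: plain {m['proto']} violates require_srtp")
        elif not secure and policy == "prefer_srtp":
            findings.append(f"{m['kind']}: plain {m['proto']} offered, SRTP preferred")
        if m["sdes"] and transport != "TLS":
            findings.append(f"{m['kind']}: SDES key exposed, signalling is {transport}")
    return findings
```

The second finding type shows why the SRTP setting and the TLS setting belong together: with SDES keying, the SRTP key travels inside the SIP message, so SRTP over non-TLS signalling protects little.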
Chat messages may be sent either by OneContactUC or the mobile Apps, through the Nubitalk Instant Messaging server. The connection to the IM server uses the WSS (WebSocket Secure) protocol, which ensures transport-layer encryption.
On the application layer, the message contents are encrypted with a combination of RSA and AES keys, ensuring that the users’ personal messages will always be encrypted, even while they are temporarily stored in the database.
Regarding voice calls, the mobile Apps support SIP over TLS, but they do not support SRTP for audio encryption.
Besides the messages exchanged for audio calls and instant messaging, the Apps also communicate with a Web Service in order to perform other types of operations, such as logging in and logging out. The Web Service can and should be configured to use HTTPS connections only, providing a secure channel between itself and the Apps.
OneContactUC is a web-based client that uses the WebRTC API to perform audio calls. Therefore, all audio packets are encrypted using the RTP over DTLS protocol.
Instead of SIP, the signalling uses a proprietary protocol and is done via a WSS connection to OneSIPConnector, relying on it to act as a SIP gateway to the rest of the system.
There are other operations (e.g. login; logout) which are performed through OneContactUC’s server, which can and should be configured to use HTTPS connections only in order to provide better security.
All system and user passwords are encrypted before being stored in the database.