Encryption Settings

AES encryption is a standard feature on all Polycom RealPresence ITP systems. When it is enabled, the system automatically encrypts calls to other systems that have AES encryption enabled.

If encryption is enabled on the system, a locked padlock icon appears on the monitor when a call is encrypted. If a call is unencrypted, an unlocked padlock appears on the monitor. In a multipoint call, some connections might be encrypted while others are not. The padlock icon might not accurately indicate whether the call is encrypted if the call is cascaded or includes an audio-only endpoint. To avoid security risks, Polycom recommends that all participants communicate the state of their padlock icon verbally at the beginning of a call.

RealPresence ITP systems provide the following AES cryptographic algorithms to ensure flexibility when negotiating secure media transport:
  • H.323 (per H.235.6)
    • AES-CBC-128 / DH-1024
    • AES-CBC-256 / DH-2048
  • SIP (per RFCs 3711, 4568, 6188)
    • AES_CM_128_HMAC_SHA1_32
    • AES_CM_128_HMAC_SHA1_80
    • AES_CM_256_HMAC_SHA1_32
    • AES_CM_256_HMAC_SHA1_80
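
For SIP calls, the offered suites can be checked in the SDP itself rather than inferred from the padlock icon. The following Python code is an added example, not Polycom code: it audits each media section's RFC 4568 `a=crypto` lines against the SIP suites listed above. It assumes SDES keying over the RTP/SAVP profile, uses a constructed sample offer with an all-zero key, and also accepts the `AES_256_CM_...` spelling that RFC 6188 registers for the 256-bit suites.

```python
import base64
import re
# Expected length of master key + 14-byte salt for each suite. The 256-bit
# suites appear under the page's spelling and the RFC 6188 SDP spelling.
SUITES = {
    "AES_CM_128_HMAC_SHA1_32": 30, "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_256_HMAC_SHA1_32": 46, "AES_CM_256_HMAC_SHA1_80": 46,
    "AES_256_CM_HMAC_SHA1_32": 46, "AES_256_CM_HMAC_SHA1_80": 46,
}
CRYPTO = re.compile(r"a=crypto:\d+ (\S+) inline:([A-Za-z0-9+/=]+)")

def key_len(b64):
    """Decoded length of an inline key, or -1 if it is not valid base64."""
    try:
        return len(base64.b64decode(b64, validate=True))
    except ValueError:
        return -1

def audit_sdp(sdp):
    """Return one finding dict per m= section of an SDP body."""
    findings = []
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            findings.append({"media": media, "proto": proto,
                             "suites": [], "problems": []})
        elif line.startswith("a=crypto:") and findings:
            cur, m = findings[-1], CRYPTO.match(line)
            if not m:
                cur["problems"].append("unparseable crypto line")
            elif m.group(1) not in SUITES:
                cur["problems"].append("suite not in list: " + m.group(1))
            elif key_len(m.group(2)) != SUITES[m.group(1)]:
                cur["problems"].append("wrong key length for " + m.group(1))
            else:
                cur["suites"].append(m.group(1))
    for f in findings:
        if f["proto"].startswith("RTP/AVP"):
            f["problems"].append("plain RTP profile, media not encrypted")
        elif f["proto"].startswith("RTP/SAVP") and not f["suites"]:
            f["problems"].append("SRTP profile without a usable crypto line")
    return findings

K128 = base64.b64encode(bytes(30)).decode()  # constructed all-zero key + salt
SAMPLE_SDP = "\r\n".join([  # constructed offer: SRTP audio, plain RTP video
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + K128 + "|2^31",
    "a=crypto:2 AES_256_CM_HMAC_SHA1_80 inline:" + K128,
    "m=video 49172 RTP/AVP 96"])
```

Calling `audit_sdp(SAMPLE_SDP)` reports the audio section as SRTP with one usable suite and one key of the wrong length, and flags the video section as unencrypted, the mixed state that the padlock icon may not reflect in a multipoint call.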

RealPresence ITP systems also support the use of FIPS 140 validated cryptography, which is required in some instances, such as when used by the U.S. federal government. When the Require FIPS 140 Cryptography setting is enabled, all cryptography used on the system comes from a software module that has been validated to FIPS 140-2 standards. You can find its FIPS 140-2 validation certificate here: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747.