Encryption

The following table lists the product capabilities that are supported but not necessarily required. Requirements vary based on the customer environment.

Note: More detailed information is available under NDA in the form of Product Encryption Data Sheets. Please contact your Polycom representative for more details.
Application Encryption Function Description Protocol Used
Secure Boot

Authentication

Integrity

Procedure to verify that basic software assets are not compromised (i.e., replaced or modified by hackers). During system bootup, the Pano device verifies that only a valid bootloader and Boot Configuration Table (BCT) images can execute. PKCS #1
Software signing (OTA)

Authentication

Integrity

Software signing process that ensures hackers do not create a fake OTA file for a software upgrade package to replace the software images on the Pano device. This verification is done during the software update process when the OTA signature is compared with a locally stored certificate before allowing the Android system to continue the procedure. PKCS #8 (RFC 5208)
AirPlay

Confidentiality

Integrity

A proprietary Wi-Fi streaming protocol for sending media from an AirPlay-certified device to the Pano device. Apple AirPlay
Miracast

Confidentiality

Integrity

Encrypted content casting protocol for sending media from a Miracast-certified device to the Pano device using a dedicated, short-range wireless 802.11 network connection. RSN (WPA2/IEEE 802.11i)
Device Proxy Client

Authentication

Integrity

Confidentiality

Allows the Pano device to communicate with the Polycom Cloud Service to discover its tenant ID and register with that tenant’s cloud services. The connections are signaling only; no media is passed. Connections are made to the Global Directory Service, Device Discovery Service, Tenant Directory Service, Device Authentication Service, Polycom Cloud Service Device Authentication Service, and Device Proxy and Registry. TLS 1.1 and 1.2
Cluster Control Service Client

Authentication

Integrity

Confidentiality

Allows the Pano device to retrieve PIN codes from the Polycom Cloud Service for the room device cluster. TLS 1.1 and 1.2
RealPresence Group Series Pairing Client

Authentication

Integrity

Confidentiality

Allows pairing with a RealPresence Group Series system so that it can control the content-sharing functions of the Pano device. TLS 1.1 and 1.2
Analytics Client

Authentication

Integrity

Confidentiality

Allows the Pano device to send analytic information to the Polycom Cloud Service. TLS 1.1 and 1.2
Software Update Client Authentication

Integrity

Confidentiality

Allows the Pano device to check for and get software update images from a configured software update server over an encrypted channel. TLS 1.1 and 1.2
Pano App Screen/App Share Media Server

Confidentiality

Integrity

Media connection from a device using the Pano App to the Pano device. Proprietary session-layer protocol over UDP
Pano App Screen/App Share Signaling Server (Port 5001)

Confidentiality

Integrity

Used by the Pano App to set up the screen and application sharing sessions with the Pano device (no media flows over this connection; there is only signaling). TLS 1.1 and 1.2
Management API Server (Port 443)

Authentication

Integrity

Confidentiality

Provides a local management interface over HTTPS. It is used for the system web interface and REST API, which retrieves saved snapshot images from the Pano device. TLS 1.1 and 1.2