Encryption

AES encryption is standard on RealPresence Group Series systems. When enabled, the system automatically encrypts calls to other systems using AES encryption.

If encryption is enabled on the system, a locked padlock icon displays when a call is encrypted. If a call is unencrypted, an unlocked padlock appears on the monitor. In a multipoint call, some connections might be encrypted while others are not. The padlock icon might not accurately indicate whether the call is encrypted if the call is cascaded or includes an audio-only endpoint. To avoid security risks, Polycom recommends that all participants communicate the state of their padlock icon verbally at the beginning of a call.

Remember the following regarding AES encryption:

  • AES encryption is not supported on systems registered to an Avaya H.323 gatekeeper.
  • In a call with an Avaya XT5000 or XT7000 endpoint, systems support only a 256-bit encryption key.
  • For systems with a maximum speed of 6 Mbps for unencrypted calls, the maximum speed for encrypted SIP calls is 4 Mbps.

The following AES cryptographic algorithms ensure flexibility when negotiating secure media transport:

  • H.323 (per H.235.6)
    • AES-CBC-128 / DH-1024
    • AES-CBC-256 / DH-2048
  • SIP (per RFCs 3711, 4568, 6188)
    • AES_CM_128_HMAC_SHA1_32
    • AES_CM_128_HMAC_SHA1_80
    • AES_CM_256_HMAC_SHA1_32
    • AES_CM_256_HMAC_SHA1_80
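
The SIP suites above are carried in SDP `a=crypto` lines (RFC 4568). The following is an added example, not Polycom code: it audits a captured SDP offer against the listed suites and checks that each inline key has the length its suite requires. The names `audit_sdp`, `sample_key` and `SAMPLE_SDP` and the sample offer are constructed for illustration.

```python
import base64
import re

# Length of master key + 14-byte master salt per suite (RFC 4568, 6188).
# 256-bit suites: the page's spelling and RFC 6188's AES_256_CM_... form.
KEY_SALT_LEN = {
    "AES_CM_128_HMAC_SHA1_32": 30, "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_256_HMAC_SHA1_32": 46, "AES_CM_256_HMAC_SHA1_80": 46,
    "AES_256_CM_HMAC_SHA1_32": 46, "AES_256_CM_HMAC_SHA1_80": 46,
}
# a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
CRYPTO_RE = re.compile(r"a=crypto:(\d+) +(\S+) +inline:([A-Za-z0-9+/=]+)")

def audit_sdp(sdp):
    """Return one finding per m= section: media, suites, problems."""
    findings = []
    for line in map(str.strip, sdp.splitlines()):
        m = CRYPTO_RE.match(line)
        if line.startswith("m="):
            findings.append({"media": line[2:].split()[0],
                             "suites": [], "problems": []})
        elif m and findings:
            tag, suite, key = m.groups()
            cur = findings[-1]
            cur["suites"].append(suite)
            try:  # decoded key||salt must match the suite's length
                n = len(base64.b64decode(key, validate=True))
            except ValueError:
                n = -1
            if suite not in KEY_SALT_LEN:
                cur["problems"].append(f"tag {tag}: unlisted suite {suite}")
            elif n != KEY_SALT_LEN[suite]:
                cur["problems"].append(f"tag {tag}: bad key length for {suite}")
    for f in findings:
        if not f["suites"]:
            f["problems"].append("no a=crypto line: no SDES-keyed SRTP offered")
    return findings

def sample_key(n):  # constructed, non-secret key||salt of n bytes
    return base64.b64encode(bytes(range(n))).decode()

SAMPLE_SDP = "\r\n".join([  # constructed offer, not a real capture
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{sample_key(30)}|2^20",
    "m=video 49172 RTP/SAVP 109",
    f"a=crypto:1 AES_CM_256_HMAC_SHA1_80 inline:{sample_key(30)}",
    "m=video 49174 RTP/AVP 109",
])
```

Running `audit_sdp(SAMPLE_SDP)` reports the audio section as clean, the first video section as carrying a key too short for its 256-bit suite, and the second video section as offering no SDES keying.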

The systems also support the use of FIPS 140 validated cryptography, which is required in some instances, such as when used by the U.S. federal government. When the Require FIPS 140 Cryptography setting is enabled, all cryptography used on the system comes from a software module that has been validated to FIPS 140-2 standards. You can find its FIPS 140-2 validation certificate here: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747.