Authenticated, Encrypted, and Protected Phone Calls
When security is implemented for a phone, you can identify authenticated or encrypted phone calls by icons on the screen on the phone. You can also determine if the connected phone is secure and protected if a security tone plays at the beginning of the call.
In an authenticated call, all devices participating in the establishment of the call are trusted devices, and authenticated by Cisco Unified Communications Manager. When an in-progress call is authenticated, the call progress icon to the right of the call duration timer in the phone LCD screen changes to this icon:
In an encrypted call, all devices participating in the establishment of the call are trusted devices, and authenticated by Cisco Unified Communications Manager. In addition, call signaling and media streams are encrypted. An encrypted call offers a high level of security, providing integrity and privacy to the call. When an in-progress call is being encrypted, the call progress icon to the right of the call duration timer in the phone LCD screen changes to this icon:
If the call is routed through non-IP call legs, for example, PSTN, the call may be nonsecure even though it is encrypted within the IP network and has a lock icon associated with it.
In a protected call, a security tone plays at the beginning of a call to indicate that the other connected phone is also receiving and transmitting encrypted audio and video (if video is involved). If your call is connected to a nonprotected phone, the security tone does not play.
Protected calling is supported for connections between two phones only. Some features, such as conference calls, shared lines, Extension Mobility, and Join Across Lines are not available when protected calling is configured. Protected calls are not authenticated.
Secure Conference Call Identification
You can initiate a secure conference call and monitor the security level of participants. A secure conference call is established using this process:
A user initiates the
conference from a secure phone (encrypted or authenticated security mode).
Communications Manager assigns a secure conference bridge to the call.
As participants are added,
Cisco Unified Communications Manager verifies the security mode of each phone
(encrypted or authenticated) and maintains the secure level for the conference.
The phone displays the
security level of the conference call. A secure conference displays (encrypted)
or (authenticated) icon to the right of “Conference” on
the phone screen. If icon displays, the conference is not secure.
There are interactions, restrictions, and limitations that affect the security level of the conference call depending on the security mode of the participants' phones and the availability of secure conference bridges.
Protected Call Identification
A protected call is established when a user phone and the phone on the other end are configured for protected calling. The other phone can be in the same Cisco IP network, or on a network outside the IP network. Protected calls can only be made between two phones. Conference calls and other multiple-line calls are not supported.
Establishment of a protected call follows this process:
A user initiates the call
from a protected phone (protected security mode).
The phone displays the icon
(encrypted) on the phone screen. This icon indicates that the phone is configured
for secure (encrypted) calls, but this does not mean that the other connected
phone is also protected.
A security tone plays if
the call connects to another protected phone; the tone indicates that both ends
of the conversation are encrypted and protected. If the call is connected to a
nonprotected phone, the secure tone does not play.
Protected calling is supported for conversations between two phones. Some features, such as conference, shared lines, Cisco Extension Mobility, and Join Across Lines are not available when protected calling is configured.