PrivateGSM user manual multiplatform_en

1

User manual, March 2011

Contents

1. Introduction........................................................................................................................................ 4

2. PrivateGSM installation pre-requisites ............................................................................................ 5

3. Installing the software ...................................................................................................................... 6 3.1. Installation via email/SMS message .................................................................................................... 6

3.1.1. BlackBerry installation ............................................................................................................. 7 3.1.2. iPhone installation................................................................................................................. 10 3.1.3. Nokia installation .................................................................................................................. 10

3.2. PC installation.................................................................................................................................. 12 3.2.1. BlackBerry Desktop manager ................................................................................................ 12 3.2.2. Nokia PC Suite installation .................................................................................................... 13

4. PrivateGSM Enterprise Configuration............................................................................................ 14 4.1. BlackBerry........................................................................................................................................ 15 4.2. iPhone ............................................................................................................................................. 16 4.3. Nokia............................................................................................................................................... 16

5. PrivateGSM Demo automatic activation........................................................................................ 17 5.1. BlackBerry........................................................................................................................................ 17 5.2. iPhone ............................................................................................................................................. 18 5.3. Nokia............................................................................................................................................... 19

6. Start PrivateGSM.............................................................................................................................. 20 6.1. Start PrivateGSM on Nokia/BlackBerry.............................................................................................. 20 6.2. Start PrivateGSM on iPhone ............................................................................................................. 21

7. Making a secure call with PrivateGSM Demo ............................................................................... 23 7.1. Call modes....................................................................................................................................... 23 7.2. Secure prefix number (Nokia and BlackBerry) ................................................................................... 23 7.3. Secure URL (iPhone devices) ............................................................................................................. 23 7.4. Dial secure call with +801 prefix ...................................................................................................... 24

7.4.1. Dialing a secure call .............................................................................................................. 24 7.4.2. Dialing a secure call from contacts ........................................................................................ 25

7.5. Dial secure call from PrivateGSM application.................................................................................... 26 7.5.1. Dialing a secure call .............................................................................................................. 26 7.5.2. Dialing a secure call from contacts ........................................................................................ 26

8. Receiving a secure call ..................................................................................................................... 29 8.1. Receive a secure call on iPhone ........................................................................................................ 29 8.2. Receive a secure call on iPhone ........................................................................................................ 29 8.3. Receive a secure call on Nokia.......................................................................................................... 30

9. Secret Security.................................................................................................................................. 31 9.1. Verifying call security ....................................................................................................................... 31 9.2. Custom Certificate Authority ........................................................................................................... 32

2


9.2.1. Custom CA on Blackberry..................................................................................................... 33 9.2.2. Custom CA on iPhone .......................................................................................................... 33 9.2.3. Custom CA on Nokia ............................................................................................................ 33

9.3. Restrict Certificate Authority ............................................................................................................ 33 9.3.1. Restrict CA on iPhone ........................................................................................................... 34 9.3.2. Restrict CA on Nokia............................................................................................................. 34

10. Top Secret Security ........................................................................................................................ 35 10.1. Verifying call security ..................................................................................................................... 35 10.2. Identifying a wiretapping attempt.................................................................................................. 37

10.2.1. Attempt to wiretap a call to a "trusted" contact................................................................. 37 10.2.2. Attempt to wiretap a call to a contact not yet saved as "trusted"....................................... 38

11. Checking the call in progress ........................................................................................................ 40 11.1. Call status...................................................................................................................................... 40

11.1.1. Call status icons .................................................................................................................. 41 11.2. Call quality level............................................................................................................................. 41

11.2.1. Call quality level icons ......................................................................................................... 42

12. Call functions.................................................................................................................................. 43 12.1. Adjusting audio volume ................................................................................................................. 43 12.2. Turning speaker phone and microphone on and off ...................................................................... 43

13. Advanced telephony features ...................................................................................................... 45 13.1. Secure call transfer......................................................................................................................... 45 13.2. Secure 3-way calling ...................................................................................................................... 45 13.3. Secure Conference Room............................................................................................................... 46

14. Other functions and settings ........................................................................................................ 47 14.1. BlackBerry functions....................................................................................................................... 47

14.1.1. Changing the Access Point ................................................................................................. 47 14.1.2. Ending and re-starting an Internet connection .................................................................... 47 14.1.3. Exit the application and end the Internet connection .......................................................... 48

14.2. iPhone functions ............................................................................................................................ 49 14.2.1. Exit the application ............................................................................................................. 49

14.3. Nokia functions.............................................................................................................................. 50 14.3.1. Changing the Access Point ................................................................................................. 50 14.3.2. Ending and re-starting an Internet connection .................................................................... 50 14.3.3. Exit the application and end the Internet connection .......................................................... 51

15. What you should know before you use PrivateGSM ................................................................. 53 15.1. Interaction with standard GSM voice calls ...................................................................................... 53 15.2. When doesn't PrivateGSM protect your data ................................................................................. 53 15.3. Call quality when moving............................................................................................................... 53 15.4. Networks and call quality ............................................................................................................... 54 15.5. Rates ............................................................................................................................................. 55

15.5.1. Limited traffic rate plan disadvantages ................................................................................ 56 15.6. Differences between secure and standard calls .............................................................................. 56

16. User license and license code........................................................................................................ 57 16.1. Checking your user license............................................................................................................. 57

3


16.1.1. BlackBerry: check your current user license ......................................................................... 57 16.1.2. iPhone: check your current user license............................................................................... 58 16.1.3. Nokia: check your current user license ................................................................................ 58

16.2. Activating a license ........................................................................................................................ 58 16.2.1. BlackBerry: license activation............................................................................................... 59 16.2.2. iPhone: license activation .................................................................................................... 59 16.2.3. Nokia: license activation...................................................................................................... 60

16.3. License Migration........................................................................................................................... 60 16.4. License status icon (Nokia and BlackBerry)...................................................................................... 61

17. PrivateGSM Demo Invite features ................................................................................................ 62 17.1. Inviting a contact to use PrivateGSM Demo.................................................................................... 62

17.1.1. BlackBerry: invite a contact from your phone book ............................................................. 62 17.1.2. iPhone: invite a contact from your phone book................................................................... 63 17.1.3. Nokia: invite a contact from your phone book .................................................................... 63

17.2. Accept invitation............................................................................................................................ 64

18. Most frequent VoIP network problems ....................................................................................... 65 18.1. PrivateGSM does not connect and does not let me make calls ....................................................... 65 18.2. The call interrupts with a failed connection error ........................................................................... 65 18.3. Only one caller can hear the other (one-way) ................................................................................. 66 18.4. Dialing takes one or more minutes................................................................................................. 67 18.5. Frequent audio interferences ......................................................................................................... 67

19. Functional notes............................................................................................................................. 69 19.1. Incompatibility with other installed applications (Nokia devices) ..................................................... 69

20. How to contact us.......................................................................................................................... 70

Note: The following manual contains valid yet generic technical information. Some phone screen and menu references may vary according to the model.

4


1. Introduction

PrivateGSM guarantees phone conversation security and privacy on mobile phones.

It exists in two main types:

• PrivateGSM Enterprise can be used within a company network in the Enterprise VoIP Security Suite along with a locally installed PrivateServer;

• PrivateGSM DEMO can be used to try the software easily and without any server configuration requirements. Once installed on a phone, PrivateGSM DEMO is able to encrypt all incoming and outgoing calls from/to other PrivateGSM users: thus, the software must be installed on the caller and the called party’s phones. PrivateGSM Demo allows you to invite other users to use the system through the “invite other” feature.

PrivateGSM uses VoIP technology (Voice over IP) and requires Internet access.

This guide will provide a complete overview of all the features and scenarios of use of PrivateGSM Enterprise and PrivateGSM DEMO.

5


2. PrivateGSM installation pre-requisites

Before installing the software, make sure the following requisites are met:

Mobile phone compatibility. Check the Support section at: www.privatewave.com

International text message capability. Check your service contract. A text message must be sent to a number in the United Kingdom to activate the DEMO version of the product.

Full internet access service. The phone service contract must include full internet access. WAP or MMS connections are not admitted and WILL NOT WORK.

Note:

Blackberry DESKTOP MANAGER must be installed on your PC to install the Blackberry version of PrivateGSM via USB.

Apple iTunes must be installed on your PC to install the iPhone version of PrivateGSM via USB.

NOKIA PC Suite must be installed on your PC to install the Nokia version of PrivateGSM via USB.

6


3. Installing the software

You can install PrivateGSM on your mobile phone via email/SMS message or PC (via Bluetooth or USB port) or via AppStore for iPhone.

Once the installation file download has completed, the installation wizard completes the setup.

3.1. Installation via email/SMS message

The phone must have Internet access for this installation.

To download, install and activate software via email/text message:

1. Provide your phone number on http://m.privategsm.com if you want to try PrivateGSM Demo or insert it on http://e.privategsm.com if you want to receive PrivateGSM Enterprise (PrivateServer PBX required).

2. Read and accept the license and privacy consent terms.

3. Select your phone model.

4. Select option via email/SMS message.

5. Enter your email address or mobile phone number.

Click Download to receive an installation email/text message. Click on the link in the message to download the software and launch the installation and activation procedure.

Note: In order to activate Demo version an SMS text message will be sent to a UK PrivateWave number (UK +44). Therefore, your SIM card must be enabled to send international text messages and your credit balance must be able to cover these charges.

7


3.1.1. BlackBerry installation

3.1.1.1. Installer

On BlackBerry platform, before installing actual PrivateGSM application, you can download and install an “installer” application that check if you device is supported or if it could be supported after an OS upgrade (eg: Bold 9000 or Curve 8520 have, as default operative system, OS 4.6.x which is not supported, but if you upgrade OS through Desktop Manager to OS 5.x, PrivateGSM will work on these devices).

1. Click on the link 2. Open link

3. Downloading progress 4. Run Installer

5. Installer report

8


3.1.1.2. Installation

1. Download PrivateGSM 2. Installation completed

3. PrivateGSM icon is installed in Download folder

4. Accept the license agreement

5. Enable auto-start

3.1.1.3. Selecting the access point name after installation

After installation, it is required to select and configure the right APN (Access Point Name) depending on your mobile operator. Generally, Blackberry devices have a flat tariff plan bound to BES or BIS-B offerings.

9


PrivateGSM requires an extra APN to works: ask your mobile operator’s customer service the following details:

• APN (access point name)

• Username

• Password

1. APN is required 2. Insert APN name, username and password

3. Exit and save

IMPORTANT Before using PrivateGSM: according to your mobile tariff plan, it is possible that you have to pay also when dialing and receiving a secure call. Check extra costsfor Access Point usage with your mobile operator's customer service!

!

10


3.1.2. iPhone installation

1. Click on the link 2. Confirm download

3.1.3. Nokia installation

3.1.3.1. Download

1. Click on the link

2. Confirm download

3. Check progress

11


3.1.3.2. Installation

4. Confirm installation

5. Confirm to continue

6. Select the phone memory

7. Accept the license agreement

8. Enable auto-start

3.1.3.3. Selecting the access point after installation

After installation, select the full internet access point. If you selected an incorrect access point (with consequent difficulties in accessing the internet or sending the activation text message) you can change it later and re-launch product activation (see chapter 14.3.1 “Changing the Access Point”).

12


Select the full internet access point

3.2. PC installation

You can download the software to your PC and install it on your phone via Bluetooth or USB port.

To download, install and activate software via PC:

1. Open pages Trial and product Download at www.privatewave.com.

2. Read and accept the license and privacy consent terms.

3. Select your phone model.

4. Select option via PC.

Click Download, save the file on your PC and install it on your phone via Bluetooth or USB port.

3.2.1. BlackBerry Desktop manager

1. Connect your phone to the PC via USB port.

2. Unzip PrivateGSM zip archive, containing .COD and .ALX files

13


3. Run Desktop Manager, connect your phone and add a new application, selecting .ALX file

3.2.2. Nokia PC Suite installation

3.2.2.1. Installation via Bluetooth

1. Send the file to your phone via Bluetooth protocol.

2. Open the message in your Inbox. The wizard is launched (see procedure screen 4 3.1 “Installation via email/SMS message”).

3.2.2.2. Installation via USB

1. Connect your phone to the PC via USB port.

2. Run Nokia PC Suite, select your phone and install the software using the Application Installation function.

3. The wizard is launched (see procedure screen 4 3.1 “Installation via email/SMS message”).

14


4. PrivateGSM Enterprise Configuration

Before you can start using PrivateGSM Enterprise with Enterprise VoIP Security Suite you must configure a SIP account that’s properly configured and enabled on a PrivateServer.

In this section you will be guided to configure your SIP account. PrivateGSM lets you configure the usual parameters, plus some advanced settings.

• SIP Server: registrar hostname

• SIP Server Port: registrar SIP port

• Realm: registrar realm or leave it set to ‘*’

• Username: SIP account assigned to you

• Password: password used to authenticate you

• Use Proxy: set it to ON if you have an actual SIP proxy or if you use a TLS port different than 5061

• SIP Proxy Server: SIP proxy hostname if present (eg: configuration with an external SIP Security Controller such as UM-Labs, otherwise set it to sip registrar hostname)

• SIP Proxy Port: SIP proxy port if present or registrar port

15


4.1. BlackBerry

1. Account is not configured yet 2. Select Settings

3. Select advanced settings 4. Confirm advanced settings modification

5. Select Sip Settings 6. Insert your account data

7. Exit and save 8. Restart PrivateGSM

16


4.2. iPhone

1. From the main screen select More button

2. Select Settings

3. Configure your SIP account

4.3. Nokia

1. No account configured yet 2. Configure account

17


5. PrivateGSM Demo automatic activation

With DEMO mode, PrivateGSM automatically create an account on PrivateWave servers and bind your mobile phone number to it, so that you can dial your contacts using their mobile number instead of using a new extension.

In order to activate DEMO mode PrivateGSM sends an SMS to a PrivateWave UK’s number, so be sure that your SIM is enabled to send international SMS. Since this feature is subject to additional cost related to sending an SMS, PrivateGSM asks to the user to confirm the action before proceeding with it.

5.1. BlackBerry

1. Select Auto activation 2. Activation starting

3. Sending activation SMS

18


5.2. iPhone

1. Select automatic activation 2. A text message will be sent 3. Send message

4. Activation pending 5. Activated

19


5.3. Nokia

1. Select automatic activation 2. A text message is sent to a PrivateGSM number

20


6. Start PrivateGSM

PrivateGSM will automatically connect to secure VoIP server each time you turn on your phone (hidden in the background).

When an Internet connection is available, you can:

• Start PrivateGSM application.

• Receive and dial secure calls.

On Nokia and BlackBerry devices it is possible to disable auto-start feature. It is not possible to disable it on iPhone devices.

IMPORTANT To make a secure call, the called party must be running PrivateGSM software andbe connected to the Internet as well! !

6.1. Start PrivateGSM on Nokia/BlackBerry

To Start PrivateGSM from within Nokia or Blackberry just dial 801.

All other application functions are accessible from the PrivateGSM menu.

To open PrivateGSM menu on BlackBerry:

21


1. Dial “801” and press the dial button 2. The PrivateGSM menu appears. Click Hangup or Back button to return the application

to the background

To open the PrivateGSM menu on Nokia:

1. Dial “801” and press the dial button

2. The PrivateGSM menu appears. Click Hide to return the application to the

background

6.2. Start PrivateGSM on iPhone

All application functions are accessible from PrivateGSM main UI.

IMPORTANT Features based on Secure Prefix 801 features are not available on iPhone, due to some platform constraints imposed by current releases of Operative System. !

22


To open the PrivateGSM menu:

1. Tap on PrivateGSM icon 2. The PrivateGSM menu appears. Click HOME button to return the

application to the background

23


7. Making a secure call with PrivateGSM

7.1. Call modes

PrivateGSM lets you:

• Make secure calls to phone numbers and contacts using the PrivateGSM +801 prefix (pgsm:// URL on iPhone). In this case, you do not need to manually open the main menu if the application is in background.

• Make secure calls to phone numbers and contacts without entering the PrivateGSM prefix by directly using the application menu.

7.2. Secure prefix number (Nokia and BlackBerry)

Calls with PrivateGSM are simply identified by the “+801” prefix in front of the number to be dialed including the international prefix without zeros. For example:

“+801 44 333 1234567”

+801 PrivateGSM prefix, including ‘+’

44 International country code for UK without zeros

333 1234567 Phone number Note: For quick dialing, we recommend you save numbers with the +801 prefix as "secure" contacts in your phone book.

7.3. Secure URL (iPhone devices)

Calls with PrivateGSM are simply identified by the URL “pgsm://” prefix in front of the number to be dialed including the international prefix without zeros. For example:

24


“pgsm://44 333 1234567”

pgsm:// PrivateGSM prefix, including ‘+’

44 International country code for UK without zeros

333 1234567 Phone number Note: For quick dialing, we recommend you save numbers with the pgsm:// prefix as "secure" contacts in your phone book, in home page field.

7.4. Dial secure call with +801 prefix

IMPORTANT Dialing a call with secure prefix +801 is not available on iPhone, due to someplatform constraints imposed by current releases of Operative System. !

Making secure calls with PrivateGSM is very easy: dialling is just as simple as prefixing your phone numbers with +801 prefix, as with international calls.

With secure prefix you can make calls as usual with your phone: inserting phone number, from your address book or even from recent calls logs.

Phone numbers prefixed with secure prefix +801 are detected by PrivateGSM which automatically starts a secure call.

7.4.1. Dialing a secure call

You can dial a secure call by entering the “+801” prefix before the number to be dialed, including the international country code without zeros.

25


To dial a secure call complete with prefix:

Enter the “+801” prefix before the number and press

the dial button

7.4.2. Dialing a secure call from contacts

You can call a number previously saved in the phone book with the PrivateGSM prefix (see chapter 7.2 “Secure prefix number”).

To make a secure call to a contact saved in your address book with the PrivateGSM prefix:

BlackBerry: select a “secure” contact and press the SEND key

iPhone: select a “secure” contact and press on secure URL

Nokia: select a "secure" contact and press the dial button

26


7.5. Dial secure call from PrivateGSM application

7.5.1. Dialing a secure call

You can make a secure call from the PrivateGSM menu by simply entering the number complete with international country code (i.e.: +44 for UK) and pressing the dial button.

Note 1: On devices with OS Symbian 9 5th ed. (touch screen) select Type number in Options menu: a virtual keyboard will appear.

Suggestion: If you intend to frequently make secure calls to the same number, add it to your phone book with the PrivateGSM prefix (see chapter 7.2 “Secure prefix number”).

To dial a secure call using the PrivateGSM menu:

BlackBerry: digit phone number and click on green SEND button

iPhone: digit phone number and click on green DIAL button

Nokia: enter the phone number complete with international country code and press

the DIAL button

7.5.2. Dialing a secure call from contacts

PrivateGSM lets you choose a contact from your phone address-book, so you can make secure calls from PrivateGSM menu by simply selecting a contact from.

PrivateGSM sort contacts in the same way as native phone book does.

27


On iPhone you can change contacts ordering by opening System Settings > PrivateGSM > Application > Contacts Sort Order

Suggestion: If you intend to frequently make secure calls to the same number, add it to your phone book with the PrivateGSM prefix (see chapter 7.2 “Secure prefix number (Nokia and BlackBerry)”).

To dial a secure call to a contact using the PrivateGSM menu on BlackBerry:

1. Select Dial secure call 2. Select a contact and press SEND key

To dial a secure call to a contact using the PrivateGSM menu on iPhone:

1. Select a contact 2. Tap on the phone number

28


To dial a secure call to a contact using the PrivateGSM menu on Nokia:

1. Select Dial secure call 2. Select a contact and press the dial button

29


8. Receiving a secure call

PrivateGSM must be on and you must be connected to the Internet to receive a secure call.

When there is an incoming secure call, a popup is shown on display. If you accept, PrivateGSM is brought on foreground and in a few seconds, depending on type of network and security level, it will be possible to start speaking securely.

Note: A secure call has a ring tone other than a standard call and can be answered or refused.

8.1. Receive a secure call on BlackBerry

Accept the secure call by pressing the dial button

8.2. Receive a secure call on iPhone

On iPhone platform you have to confirm twice to accept an incoming call, due to constraints imposed by current versions of Operative System:

• Bring PrivateGSM application in foreground, tapping on View button;

• Accept or refuse incoming call: in this stage, until you decide what to do, the peer calling you would hear a ringing tone.

30


1. Bring PrivateGSM in foreground 2. Accept the secure call by pressing the Accept button

8.3. Receive a secure call on Nokia

Accept the secure call by pressing the dial button

31


9. Secret Security

Secret Security applies an End-To-Site security model, where audio data is encrypted on one call-end and decrypted on PBX side.

This model, used within Enterprise VoIP Security Suite, replicates the same paradigm of a VPN: call is secured outside of company perimeter, and goes in clear inside company perimeter.

The main advantages of End-To-Site security model are:

• interoperability with existing phone networks for crypto-to-clear and clear-to-crypto setup

• advanced telephony features, such as 3-way calling and conference room

9.1. Verifying call security

Call is automatically secured during call setup, so it does not require any human intervention. As soon as call is establishes you can immediately start to talk with your contact securely.

The overall security verification system is based on TLS digital certificate verification. The PrivateGSM Enterprise client automatically verifies the digital certificate of the SIP/TLS server and if it’s recognized and authentic, the connection will be automatically secured.

Secure call established

32


This security model is exactly the same as HTTPS with internet browser, given the fact that on PrivateServer there is a valid digital certificate the call can be considered secure.

By default, PrivateGSM will not accept invalid SSL certificates, such as:

• Expired certificates: be sure that your phone’s clock is properly set

• Self-signed certificates

• Common name mismatch

If the SSL certificate is a wrong or invalid (ex: one of the above mentioned reasons) or a man in the middle attack attempt is in course, the user will see on phone display one of the following warnings:

Invalid SSL certificate

Certificate error

9.2. Custom Certificate Authority

Since security is based on TLS digital certificates, it is mandatory that server certificates are signed by a known and trusted certificate authority.

If your certificates is signed by a new CA (not present in phone CA list at ship time) or your private CA, you can import the CA’s certificate and trust it.

33


9.2.1. Custom CA on Blackberry

Open Options -> Security Options -> Advanced Security Options -> Certificates

Select the CA root and trust it. PrivateGSM can now connect to your server.

9.2.2. Custom CA on iPhone

Connect your iPhone to USB and open using iTunes application.

Select your device -> “Apps” section -> scroll down and you will see a list of applications that have a shared folder.

Import a file named “cachain.pem” containing the whole certificate chain, from Certificate Authority Root down to server certificate, including intermediate CA, using PEM format (ASCII format, starting with line “-----BEGIN CERTIFICATE-----“).

9.2.3. Custom CA on Nokia

Nokia devices accept certificate in DER format (binary format, non ASCII as PEM). Remember to use a DER format certificate, otherwise Nokia phones will not recognize it properly.

You can install a new CA root in three ways:

• Point your phone’s browser to the CA root certificate URL

• Send the certificate via Bluetooth

• Copy your certificate to the SD and open with a file manager application

You will be prompted to trust the certificate. PrivateGSM can now connect to your server.

9.3. Restrict Certificate Authority

SSL certificates management is the key point in SECRET security level, so PrivateGSM takes all SSL aspects in great consideration. You can further restrict the constraints on SSL choosing one single CA root, which you trust particularly. This feature gives you some additional advantages:

34


• Use certificates signed by your private internal CA, not known and present on OTS devices

• Choose one single CA root that you trust, reducing the risks that an attacker uses a compromised, but still valid CA root, to carry on a MITM attack.

9.3.1. Restrict CA on iPhone

Import a custom CA (see 9.2.2“Custom CA on iPhone”). Open and edit Sip settings, and set to ON setting named “Enable custom CA root”

9.3.2. Restrict CA on Nokia

Import a custom CA (see 9.2.3 “Custom CA on Nokia”). Open Settings -> Advanced Settings -> TLS Settings and set to ON setting named “Enable custom CA root”

35


10. Top Secret Security

The “Top Secret” level applies an End-To-End security model, with audio data encrypted on one call-end and decrypted on the other call-end, without any possibility to decrypt it in the middle.

PrivateGSM relies on ZRTP protocol, so there is no need to deploy a PKI infrastructure, but a human verification is required to exclude the presence of a MITM (Man In The Middle).

10.1. Verifying call security

PrivateGSM Demo and end-to-end encryption enabled version use an encryption and security system based on ZRTP protocol.

This protocol is based on "human" verification of the two words (called Short Authentication String) displayed at the beginning of a call. The SAS (Short Authentication strings) are made up of two words in English, randomly generated for each call. The SAS displayed on the two phones must be verbally compared by the two callers to guarantee call security. After the security has been verified the two peers should trust each other.

Verify call security on BlackBerry:

Matching key

exchanges:

the call is secure!

1. The caller reads his key out loud

2. The called party makes sure it matches his

36


Verify call security on iPhone:

Matching key exchanges:

the call

is secure!



Verify call security on Nokia:

Matching key exchanges:

the call

is secure!



Suggestion: After making sure the Short Authentication Strings match and that the called party is really the person you are speaking to, save the contact in the phone book as “trusted” by clicking Trust. This way, you

37


need not verify the key exchange whenever you call this contact (trusted) in the future.The Short Authentication Strings will no longer be highlighted in orange. Security is guaranteed by the ZRTP key continuity feature.

Thus, in normal conditions, subsequent communications with a "trusted" contact can start without the need of verbal verification.

Short authentication Strings background color is different and SAS should only be verified in the event of wiretapping attempts or changes to one of the two phones' configurations. In this case, the keys must be verbally verified or the call immediately interrupted.

Secure call between trusted contacts

Trusted contacts

10.2. Identifying a wiretapping attempt

10.2.1. Attempt to wiretap a call to a "trusted" contact

If a third party attempts to wiretap a call to a previously verified contact saved as trusted, PrivateGSM automatically detects the wiretapping attempt, interrupts the call and displays the following security alert.

38


Wiretapping attempt alert

After receiving a security alert, you must always verbally re-verify the key exchanges and re-save your contact as trusted for future calls (see chapter 10.1 Verifying call security).

IMPORTANT The security alert may even be displayed when there is no wiretapping attemptbut when your contact changes his phone number or phone. It may also bedisplayed when the software is re-installed on one of your trusted contact's phones. You must always re-verify contact security after a security alert.

!

10.2.2. Attempt to wiretap a call to a contact not yet saved as "trusted"

In the event a third party attempts to wiretap a call to a contact not yet saved as trusted, PrivateGSM displays two different key exchanges on the two phones. The callers should verbally verify the differences between the two key exchanges and interrupt the call.

39


NON matching key exchanges:

wiretapping

attempt in progress!


2. The called party verifies that keys do NOT match and interrupts the call!

40


11. Checking the call in progress

During a secure call, PrivateGSM displays:

• key exchange status at the beginning of the call;

• connection quality.

11.1. Call status

To establish a connection, PrivateGSM completes three phases; an icon shows on the screen the call status:

Exchanging ZRTP keys

41


11.1.1. Call status icons

Red light Starting the connection

Connection not yet established. This step may take several seconds (see chapter 15.6 “Differences between secure and standard calls”).

Yellow light Key exchange

Connection established but ZRTP keys are being exchanged.

Green light Secure call established

Connection established and secure. You can now speak in a secure way.

11.2. Call quality level

Some factors that affect the GSM network (i.e.: GPRS use, poor signal, frequent radio cell changes, roaming), could decrease call quality, increasing voice delay. An icon shows the current call quality level:

Poor connection quality

42


11.2.1. Call quality level icons

Poor connection quality

Average connection quality

Good connection quality

Note: If connection quality remains poor, we suggest you seek better network coverage or connect to a better broadband Wi-Fi access point.

43


12. In-Call features

12.1. Adjusting audio volume

You can adjust secure call volume in the same way as you do adjusting standard call volume.

To adjust the volume during a secure call:

• Use the volume key on your phone (if applicable).

• Use the scroll key, scrolling left to lower volume or right to raise it.

12.2. Turning speaker phone and microphone on and off

You can turn on your speaker phone or mute your microphone during a call.

To turn speaker phone on/off during a secure call:

• Nokia: click Options > Activate loudspeaker

• iPhone: tap in the middle of the screen > tap on speaker icon

• BlackBerry: press menu key > Activate loudspeaker

To turn the microphone on/off during a secure call:

• Nokia: click Options > Mute microphone

• iPhone: tap in the middle of the screen > tap on mute icon

• BlackBerry: press menu key > Mute microphone

44


Speaker phone and microphone menu

45


13. Advanced telephony features

In the following paragraphs some advanced telephony features are described, useful in specific Enterprise scenarios with PrivateGSM Enterprise and PrivateServer while using end-to-site encryption.

13.1. Secure call transfer

While in the middle of a secure call you can transfer secure call to another contact.

• iPhone: tap in the middle of screen > tap on Transfer icon

• Nokia: click on options > select Transfer menu item

• Blackberry: press menu key > select Transfer Call

You can transfer the call to a contact in your address-book or you can input a number to transfer the call to.

13.2. Secure 3-way calling

While in the middle of a secure call you can add a third participant:

• iPhone: tap in the middle of screen > tap on Add icon

• Nokia: click on options > select Add Participant menu item

• Blackberry: press menu key > select Add Participant menu item

You can add a new participant to the current secure call, by choosing him from your address-book or inserting his number.

46


13.3. Secure Conference Room

Conference room is a feature provided by the PrivateServer secure PBX. You should dial the conference room phone number and, if a PIN is required, while in the middle of call:

• iPhone: tap in the middle of screen > tap on DTMF icon and digit PIN number

• Nokia: click on options > select Send DTMF menu item and digit PIN number

• Blackberry: press menu key > select Send DTMF menu item and digit PIN number

47


14. Other functions and settings

14.1. BlackBerry functions

14.1.1. Changing the Access Point

To change the Access Point, select Settings > Advanced Settings > Connection Settings from the PrivateGSM menu. Restart the application for change to take effect. PrivateGSM automatically reconnects after the change.

IMPORTANT WAP or MMS access points cannot be used. !

To change the access point:

1. Select Connection settings 2. Select the access point

14.1.2. Ending and re-starting an Internet connection

You can end the Internet connection to stop receiving secure calls. The application remains in the background and can be started at any time by starting a connection.

48


To end and re-start an Internet connection:

Select Go offline

IMPORTANT You cannot receive or make secure calls when you are not connected to theInternet. !

14.1.3. Exit the application and end the Internet connection

To stop receiving secure calls, exit the application, automatically ending the Internet connection.

To re-launch the application, open the mobile phone menu and select PrivateGSM. The connection is automatically re-started.


49


To exit the application and automatically close the connection:

Select Exit

14.2. iPhone functions

14.2.1. Exit the application

If you want to close PrivateGSM disconnecting it, you have to kill the application:

1. Double click on HOME button 2. Press PrivateGSM icon until it changes 3. Tap on it and it will be closed

50


14.3. Nokia functions

14.3.1. Changing the Access Point

To change the Access Point, select Settings > Default access point from the PrivateGSM menu. Restart the application for change to take effect. PrivateGSM automatically reconnects after the change.

IMPORTANT WAP or MMS access points cannot be used. !

To change the access point:

1. Select Default access point 2. Select the access point

14.3.2. Ending and re-starting an Internet connection

You can end the Internet connection to stop receiving secure calls. The application remains in the background and can be started at any time by starting a connection.

51


To end and re-start an Internet connection

1. Select Options 2. Select Go offline/Go online


14.3.3. Exit the application and end the Internet connection

To stop receiving secure calls, exit the application, automatically ending the Internet connection.

To re-launch the application, open the mobile phone menu and select PrivateGSM. The connection is automatically re-started.


52


To exit the application and automatically close the connection:

1. Select Options 2. Select Exit

53


15. What you should know before you use PrivateGSM

15.1. Interaction with standard GSM voice calls

If the user receives a standard call (voice) during a secure call (VoIP), the following may occur:

1. The user accepts the voice call: since this channel takes priority over VoIP, the secure call is automatically interrupted.

2. The user refuses the voice call: the VoIP call remains connected and the user can continue the secure conversation.

15.2. When doesn't PrivateGSM protect your data

PrivateGSM cannot protect your conversations in the following cases:

1. Wiretapping by physical environmental bugs placed in your home, office or car.

2. Wiretapping by long distance directional microphones.

PrivateGSM cannot protect you from the following geographic tracking systems:

1. GSM mobile phone locators

2. GPS locators

Note: We suggest you consult security experts to protect yourself against these types of devices.

15.3. Call quality when moving

It may take longer to establish a connection or experience short audio interruptions when travelling by car or high speed train. This is because you are switching from one GSM network radio cell to another. Call quality depends on the local infrastructures the phone operator uses.

54


For example, in the suburbs, the GSM network is made up of less cells but with higher coverage; switching from one cell to another is less frequent (i.e.: highway). Contrarily, in metropolitan areas, the GSM network is made up of more cells but with lower coverage; switching from one cell to another is more frequent (i.e.: expressways and ring roads).

Note: No perceivable vocal defects were demonstrated in tests conducted at 150 km/h with PrivateGSM.

15.4. Networks and call quality

Secure calls with PrivateGSM use VoIP technology that exploits an Internet connection to make a call via TCP/IP and UDP packet exchange. Thus, data packets containing voice, encoded and encrypted information are routed on the network during a call.

PrivateGSM secure calls thus require an open Internet connection without any firewall or restriction by the caller or called party.

Mobile phone operators typically offer two types of Internet access with two different Access Points:

• Full Internet access: supports all transmission protocols. Required by PrivateGSM.

• WAP/MMS access: does not allow PrivateGSM to work.

Following is a list of network types, ordered by quality, bandwidth1 and latency2:

Technology Wi-Fi HSD PA UMTS EDGE GPRS Satellite

Quality Best Worst

1 Bandwidth determines the amount of data transmitted per second. 2 Latency determines the time required for data to reach its destination.

55


Note: To check your mobile phone network, check the symbol next to the signal bar:

EDGE network 3G network 3.5 G network (HSDPA)

Suggestion: Use Wi-Fi when available. There are no additional access costs and call quality is definitely better.

15.5. Rates

PrivateGSM secure calls use an Internet connection thus data traffic is charged. Costs depend on the rate set with your phone service provider.

To receive secure calls, PrivateGSM must keep an Internet connection open. You should, therefore, choose a rate that lets you stay online as long as you need to receive and make secure calls (i.e.: 24/7, or business hours).

Note: We suggest you consult your operator to set a flat rate tied to your connection needs.

Note: When using PrivateGSM abroad, make sure you have a data traffic rate plan that lets you check costs.

56


15.5.1. Limited traffic rate plan disadvantages

Data limited traffic rate plan You pay according to data traffic when online. On average, PrivateGSM exchanges data packets for a total of 2MB a month. This is calculated considering average bandwidth between 100k/minute and 200k/minute. Thus 1MB of Internet traffic equals a minimum of 5 minutes to a maximum of 10 minutes.

Time limited rate plan You pay according to connection time. These planes are unfavorable and not recommended for PrivateGSM use.

15.6. Differences between secure and standard calls

Delays in establishing a connection To establish a connection with the called party, PrivateGSM needs from 5 to 60 seconds based on the caller and called party's Internet connection qualities.

Voice delay Unlike standard calls, VoIP secure calls may be subject to voice delays from 1/5 of a second to a maximum of two seconds. This depends on the technology adopted by the data transmission network. The better the connection, the shorter the voice delay.

Different ring tone PrivateGSM secure calls use different ring tone than standard calls (not customizable).

Battery charge Internet connection may lower your phone's battery life. Average mobile phone battery consumption may increase from a minimum of 5% to a maximum of 35% based on the type of network used by the Internet connection. Note: A Wi-Fi network consumes more than a 3G network. A 3G network consumes more than a 2G network.

57


16. User license and license code

PrivateGSM can have different license status:

• Full: you have a valid license.

• Subscription: you have a period license

• Trial: you have are in 15 days trial period

• Expired: the license is expired

Upon first installation, PrivateGSM Demo is set to Full mode for a 15-day trial period. At the end of the trial period, the software automatically switches to expired mode and you cannot dial neither receive anymore secure calls.

Trial period is valid only at first installation on a specific device.

16.1. Checking your user license

16.1.1. BlackBerry: check your current user license

1. Select License from the main menu 2. Check your user license

58


16.1.2. iPhone: check your current user license

1. Select More and Licensing 2. Check your user license

16.1.3. Nokia: check your current user license

1. Select License 2. Check your user license

16.2. Activating a license

PrivateGSM provides a trial period when you use all features for free. In order to continue using PrivateGSM you need to activate a valid license, by typing a valid license code.

59


16.2.1. BlackBerry: license activation

1. Select License 2. Insert the license code you received

3. Click on Activate button

16.2.2. iPhone: license activation

1. Select Licensing under More

2. Insert the license code you received

3. Tap on Activate button to activate your license

60


16.2.3. Nokia: license activation

1. Select License 2. Insert the license code you received 3. License registration

16.3. License Migration

PrivateGSM license is bound to your device and SIM:

• if you change your device and move your SIM into your new device, your license will be automatically migrated to new device.

• if you change your SIM (eg: move to a new mobile operator) and insert a new SIM, your license status will be preserved.

IMPORTANT Automatic license migration from one iPhone device to a new device is NOT supported, due to some platform constraints imposed by current releases ofOperative System. Request a manual license migration to PrivateWave before switching your iPhone.

!

61


IMPORTANT TRIAL PERIOD is NOT supported on iPhone, due to legal constraints imposed by current Terms & Conditions of App Store. !

16.4. License status icon (Nokia and BlackBerry)

On Nokia and Blackberry platform you can also check license status from main screen of PrivateGSM. The license icon changes depending on license status. License status is shown by the license icon that appears in PrivateGSM menu:

Trial period Full mode

Receive Only mode

Waiting for server response after license code registration.

Full license

User license expired: you are asked to enter a new license code.

62


17. PrivateGSM Demo Invite features

DEMO version of PrivateGSM provides some additional features that let you easily try the application with your contacts, simplifying installation and deployment process.

17.1. Inviting a contact to use PrivateGSM Demo

You can invite a contact from your phone book to use PrivateGSM. The contact will receive a text message with a link, inviting him to install the product.

17.1.1. BlackBerry: invite a contact from your phone book

1. Select Invite others 2. Select a contact

3. Confirm invitation

63


17.1.2. iPhone: invite a contact from your phone book

1. Tap Invite button 2. Select a contact 3. Confirm invitation delivery

17.1.3. Nokia: invite a contact from your phone book

1. Select Invite others 2. Select a contact 3. Confirm invitation delivery

The invited contact need only click on the link in the message: if the mobile phone is compatible, the wizard launches (see procedure screen 4 3.1 “Installation via email/SMS message”).

64


17.2. Accept invitation

To accept an invitation to install PrivateGSM:

BlackBerry: click on the link and download the installation wizard

iPhone: click on the link and the installation wizard will be launched

Nokia: click on the link and the installation wizard will be launched

Note: The “Invite others” option is available only for the Demo version, in order to allow users to build a contact network to make secure calls.

65


18. Most frequent VoIP network problems

18.1. PrivateGSM does not connect and does not let me make calls

Problem

PrivateGSM does not correctly go online and generates an error during registration/connection.

Diagnostics

The access point in use is incorrect and/or PrivateGSM is connected to a network that is not correctly set.

Possible solution

• Check whether the phone can access the Internet, opening any web page.

• Check whether the access point in use is a full Internet connection and not a WAP or MMS connection. You can only use PrivateGSM with a full Internet connection.

• Check whether the Wi-Fi network you're connected to supports TCP/IP and UDP protocols. Internet connections with proxy servers do not work with PrivateGSM and firewalls need to be opened to allow internal networks to work with a proxy server.

• Check whether your SIM card balance (top-up) is sufficient.

• Check whether Internet connections are enabled on the SIM card. Some phone operators require you set a specific rate plane for Internet access which must be requested by the user and confirmed by the operator.

18.2. The call interrupts with a failed connection error

Problem

PrivateGSM is correctly online and lets you make/receive a secure call but the call never gets past the Exchanging keys phase (yellow light). PrivateGSM interrupts the call with a failed connection error and you cannot hear the called party.

66


Diagnostics

The access point in use is incorrect and/or PrivateGSM is connected to a network that is not correctly set.

Possible solution

• Check whether the phone can access the Internet, opening any web page.


• Make sure the firewall allows UDP protocol output.

• Change access point.

18.3. Only one caller can hear the other (one-way)

Problem

PrivateGSM is correctly online and lets you make/receive a secure call.

It reaches the Secure call established (green light) status, exchanging keys, but only one caller can hear the other.

Diagnostics

The caller's PrivateGSM has audio problems, due to incorrect settings. For example, it is using a WAP access point and not a full Internet access point or a network with incorrect settings.

Possible solution


67


18.4. Dialing takes one or more minutes

Problem

PrivateGSM makes/receives a secure call but remains in the Starting a connection phase (red light) for one or more minutes, hanging up with a failed connection message. Re-dialing, the call sometimes goes through.

Diagnostics

PrivateGSM uses the Internet via a radio frequency range provided by the operator or Wi-Fi connection in use. Radio frequencies are subject to data packet loss in certain environmental conditions such as if you are close to a large wall, a repeater or in the event of network overload, for example, during a public event.

During a voice call, a minimum level of data packet loss is negligible for voice quality but may be a determinant factor for that part of the signal dedicated to the phone system (i.e.: SIP/TLS protocols used to make a call, receive a call, end a call, and so on). Data transmission may thus be difficult during the start/end call phase even if the phone displays a good signal level.

Possible solution

• Check whether the two callers are surrounded by radio disturbances.

• If using PrivateGSM in a crowded place, decide whether you should switch from the UMTS network to the GSM network. In fact, a UMTS network that works at 2,100 MHz is more crowded than a GSM network that works at 900/1,800 MHz.

18.5. Frequent audio interferences

Problem

PrivateGSM calls are subject to frequent audio interruptions or interferences and the conversation is difficult.

Diagnostics

Internet connections are often overloaded and mobile phone operators do not have enough bandwidth. In these cases, establishing a connection may be difficult or impossible or, once established, audio may be suddenly interrupted and similar problems occur.

68


Possible solution

• Make sure the network is actually overloaded: open a web page (N.B.: pick a web page you do not frequently open). A page that does not load or loads slowly, timing out, indicates that the network is overloaded and cannot be used for secure calls.

69


19. Functional notes

19.1. Incompatibility with other installed applications (Nokia devices)

PrivateGSM uses APS (Audio Proxy Server) and VAS (VoIP Audio Service) which, if installed on your phone since used by other applications (i.e.: Fring, instant message software), may interfere with correct software operations. In this case, uninstall the other applications and re-install PrivateGSM.

70


20. How to contact us

Visit us at:

http://www.privatewave.com

Contact our technical staff:

tel: +39 02 911930891 Monday through Friday, 10 AM to 12 PM, 2.30 PM to 4.30 PM.

email: [email protected]

PrivateGSM user manual multiplatform_en

Technology

Transcript of PrivateGSM user manual multiplatform_en