Comments on: Cellcrypt – Secure Voice for the Blackberry

By: Kevin Heald

Kevin Heald — Mon, 18 May 2009 13:03:44 +0000

Totally understand, and I figured you all could access the CAC or any smart card…the interfaces are pretty standard.

The SME-PED will always be behind commercial devices for the reasons you mentioned. Sometimes I do wonder who really needs Type 1 and who can make do with something like your solution.

Either way, thx for the comment!

By: Rodolfo

Rodolfo — Sat, 16 May 2009 00:55:49 +0000

One last thing, SME-PED still uses CSD and not IP which means that 1- the signaling call data is not secure 2- has an horrible performance in terms of network availability and voice latency.

By: Rodolfo

Rodolfo — Sat, 16 May 2009 00:49:26 +0000

Hi Kevin, thanks for your post about Cellcrypt.

Plugging into an external PKI is certainly feasible – we already assumed that larger customers will want to use their own. This also means that implementing the DoD CAC would be a possibility. CAC is just x.509 and there is already out a Bluetooth smart card reader for the BlackBerry.

Re SME-PED there is a fundamental difference in the goal we are trying to achieve. The SME-PED is a Type 1 encryption device, meaning that not just the communications are secure but the entire device (meaning both software and hardware) are certified to be secure and this include anti-tampering and TEMPEST shielding. This means that it has very long development cycles and has an endemic “old generation” feel to it.
SME-PED is certified to carry information that is classified as Top Secret while Cellcrypt was designed for (Secret, Confidential, Unclassified but Sensitive).

If you look at the bigger picture there are approx 30k-50k users of Type 1 devices in the Federal Government… and everybody else is not using any voice security whatsoever. We basically wanna fill that middle market without replacing your phone with a brick.

Rodolfo (co-founder of Cellcrypt)