PrivateGSM user manual multiplatform_en
Upcoming SlideShare
Loading in...5
×
 

PrivateGSM user manual multiplatform_en

on

  • 887 views

 

Statistics

Views

Total Views
887
Views on SlideShare
887
Embed Views
0

Actions

Likes
0
Downloads
6
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

PrivateGSM user manual multiplatform_en PrivateGSM user manual multiplatform_en Document Transcript

  • © 2005 - 2011 PrivateWave Italia SpA - All trademarks are property of their respective owners. All rights reserved.
  • 1Contents1. Introduction........................................................................................................................................ 42. PrivateGSM installation pre-requisites ............................................................................................ 53. Installing the software ...................................................................................................................... 63.1. Installation via email/SMS message .................................................................................................... 6 3.1.1. BlackBerry installation ............................................................................................................. 7 3.1.2. iPhone installation................................................................................................................. 10 3.1.3. Nokia installation .................................................................................................................. 103.2. PC installation.................................................................................................................................. 12 3.2.1. BlackBerry Desktop manager ................................................................................................ 12 3.2.2. Nokia PC Suite installation .................................................................................................... 134. PrivateGSM Enterprise Configuration............................................................................................ 144.1. BlackBerry........................................................................................................................................ 154.2. iPhone ............................................................................................................................................. 164.3. Nokia ............................................................................................................................................... 165. PrivateGSM Demo automatic activation........................................................................................ 175.1. BlackBerry........................................................................................................................................ 175.2. iPhone ............................................................................................................................................. 185.3. Nokia ............................................................................................................................................... 196. Start PrivateGSM.............................................................................................................................. 206.1. Start PrivateGSM on Nokia/BlackBerry.............................................................................................. 206.2. Start PrivateGSM on iPhone ............................................................................................................. 217. Making a secure call with PrivateGSM Demo ............................................................................... 237.1. Call modes....................................................................................................................................... 237.2. Secure prefix number (Nokia and BlackBerry) ................................................................................... 237.3. Secure URL (iPhone devices)............................................................................................................. 237.4. Dial secure call with +801 prefix ...................................................................................................... 24 7.4.1. Dialing a secure call .............................................................................................................. 24 7.4.2. Dialing a secure call from contacts ........................................................................................ 257.5. Dial secure call from PrivateGSM application.................................................................................... 26 7.5.1. Dialing a secure call .............................................................................................................. 26 7.5.2. Dialing a secure call from contacts ........................................................................................ 268. Receiving a secure call ..................................................................................................................... 298.1. Receive a secure call on iPhone ........................................................................................................ 298.2. Receive a secure call on iPhone ........................................................................................................ 298.3. Receive a secure call on Nokia.......................................................................................................... 309. Secret Security.................................................................................................................................. 319.1. Verifying call security ....................................................................................................................... 319.2. Custom Certificate Authority ........................................................................................................... 32 User manual, March 2011
  • 2 9.2.1. Custom CA on Blackberry..................................................................................................... 33 9.2.2. Custom CA on iPhone .......................................................................................................... 33 9.2.3. Custom CA on Nokia ............................................................................................................ 339.3. Restrict Certificate Authority ............................................................................................................ 33 9.3.1. Restrict CA on iPhone ........................................................................................................... 34 9.3.2. Restrict CA on Nokia............................................................................................................. 3410. Top Secret Security ........................................................................................................................ 3510.1. Verifying call security ..................................................................................................................... 3510.2. Identifying a wiretapping attempt.................................................................................................. 37 10.2.1. Attempt to wiretap a call to a "trusted" contact................................................................. 37 10.2.2. Attempt to wiretap a call to a contact not yet saved as "trusted" ....................................... 3811. Checking the call in progress ........................................................................................................ 4011.1. Call status...................................................................................................................................... 40 11.1.1. Call status icons .................................................................................................................. 4111.2. Call quality level............................................................................................................................. 41 11.2.1. Call quality level icons ......................................................................................................... 4212. Call functions.................................................................................................................................. 4312.1. Adjusting audio volume ................................................................................................................. 4312.2. Turning speaker phone and microphone on and off ...................................................................... 4313. Advanced telephony features ...................................................................................................... 4513.1. Secure call transfer......................................................................................................................... 4513.2. Secure 3-way calling ...................................................................................................................... 4513.3. Secure Conference Room............................................................................................................... 4614. Other functions and settings ........................................................................................................ 4714.1. BlackBerry functions....................................................................................................................... 47 14.1.1. Changing the Access Point ................................................................................................. 47 14.1.2. Ending and re-starting an Internet connection .................................................................... 47 14.1.3. Exit the application and end the Internet connection .......................................................... 4814.2. iPhone functions ............................................................................................................................ 49 14.2.1. Exit the application ............................................................................................................. 4914.3. Nokia functions.............................................................................................................................. 50 14.3.1. Changing the Access Point ................................................................................................. 50 14.3.2. Ending and re-starting an Internet connection .................................................................... 50 14.3.3. Exit the application and end the Internet connection .......................................................... 5115. What you should know before you use PrivateGSM ................................................................. 5315.1. Interaction with standard GSM voice calls ...................................................................................... 5315.2. When doesnt PrivateGSM protect your data ................................................................................. 5315.3. Call quality when moving............................................................................................................... 5315.4. Networks and call quality ............................................................................................................... 5415.5. Rates ............................................................................................................................................. 55 15.5.1. Limited traffic rate plan disadvantages ................................................................................ 5615.6. Differences between secure and standard calls .............................................................................. 5616. User license and license code........................................................................................................ 5716.1. Checking your user license............................................................................................................. 57 User manual, March 2011
  • 3 16.1.1. BlackBerry: check your current user license ......................................................................... 57 16.1.2. iPhone: check your current user license............................................................................... 58 16.1.3. Nokia: check your current user license ................................................................................ 5816.2. Activating a license ........................................................................................................................ 58 16.2.1. BlackBerry: license activation............................................................................................... 59 16.2.2. iPhone: license activation .................................................................................................... 59 16.2.3. Nokia: license activation...................................................................................................... 6016.3. License Migration........................................................................................................................... 6016.4. License status icon (Nokia and BlackBerry)...................................................................................... 6117. PrivateGSM Demo Invite features ................................................................................................ 6217.1. Inviting a contact to use PrivateGSM Demo.................................................................................... 62 17.1.1. BlackBerry: invite a contact from your phone book ............................................................. 62 17.1.2. iPhone: invite a contact from your phone book................................................................... 63 17.1.3. Nokia: invite a contact from your phone book .................................................................... 6317.2. Accept invitation............................................................................................................................ 6418. Most frequent VoIP network problems ....................................................................................... 6518.1. PrivateGSM does not connect and does not let me make calls ....................................................... 6518.2. The call interrupts with a failed connection error ........................................................................... 6518.3. Only one caller can hear the other (one-way) ................................................................................. 6618.4. Dialing takes one or more minutes................................................................................................. 6718.5. Frequent audio interferences ......................................................................................................... 6719. Functional notes............................................................................................................................. 6919.1. Incompatibility with other installed applications (Nokia devices) ..................................................... 6920. How to contact us.......................................................................................................................... 70Note:The following manual contains valid yet generic technical information. Some phone screen and menureferences may vary according to the model. User manual, March 2011
  • 41. IntroductionPrivateGSM guarantees phone conversation security and privacy on mobile phones.It exists in two main types: • PrivateGSM Enterprise can be used within a company network in the Enterprise VoIP Security Suite along with a locally installed PrivateServer; • PrivateGSM DEMO can be used to try the software easily and without any server configuration requirements. Once installed on a phone, PrivateGSM DEMO is able to encrypt all incoming and outgoing calls from/to other PrivateGSM users: thus, the software must be installed on the caller and the called party’s phones. PrivateGSM Demo allows you to invite other users to use the system through the “invite other” feature.PrivateGSM uses VoIP technology (Voice over IP) and requires Internet access.This guide will provide a complete overview of all the features and scenarios of use of PrivateGSMEnterprise and PrivateGSM DEMO. User manual, March 2011
  • 52. PrivateGSM installation pre-requisitesBefore installing the software, make sure the following requisites are met:Mobile phone compatibility. Check the Support section at: www.privatewave.comInternational text message capability. Check your service contract. A text message must be sent to a number in the United Kingdom to activate the DEMO version of the product.Full internet access service. The phone service contract must include full internet access. WAP or MMS connections are not admitted and WILL NOT WORK.Note:Blackberry DESKTOP MANAGER must be installed on your PC to install the Blackberry version ofPrivateGSM via USB.Apple iTunes must be installed on your PC to install the iPhone version of PrivateGSM via USB.NOKIA PC Suite must be installed on your PC to install the Nokia version of PrivateGSM via USB. User manual, March 2011
  • 63. Installing the softwareYou can install PrivateGSM on your mobile phone via email/SMS message or PC (via Bluetooth or USBport) or via AppStore for iPhone.Once the installation file download has completed, the installation wizard completes the setup.3.1. Installation via email/SMS messageThe phone must have Internet access for this installation.To download, install and activate software via email/text message: 1. Provide your phone number on http://m.privategsm.com if you want to try PrivateGSM Demo or insert it on http://e.privategsm.com if you want to receive PrivateGSM Enterprise (PrivateServer PBX required). 2. Read and accept the license and privacy consent terms. 3. Select your phone model. 4. Select option via email/SMS message. 5. Enter your email address or mobile phone number.Click Download to receive an installation email/text message. Click on the link in the message todownload the software and launch the installation and activation procedure.Note:In order to activate Demo version an SMS text message will be sent to a UK PrivateWave number (UK+44). Therefore, your SIM card must be enabled to send international text messages and your creditbalance must be able to cover these charges. User manual, March 2011
  • 73.1.1. BlackBerry installation3.1.1.1. InstallerOn BlackBerry platform, before installing actual PrivateGSM application, you can download and install an“installer” application that check if you device is supported or if it could be supported after an OSupgrade (eg: Bold 9000 or Curve 8520 have, as default operative system, OS 4.6.x which is notsupported, but if you upgrade OS through Desktop Manager to OS 5.x, PrivateGSM will work on thesedevices).  1. Click on the link 2. Open link  3. Downloading progress 4. Run Installer  5. Installer report User manual, March 2011
  • 83.1.1.2. Installation  1. Download PrivateGSM 2. Installation completed  3. PrivateGSM icon is installed 4. Accept the license agreement in Download folder  5. Enable auto-start3.1.1.3. Selecting the access point name after installationAfter installation, it is required to select and configure the right APN (Access Point Name) depending onyour mobile operator. Generally, Blackberry devices have a flat tariff plan bound to BES or BIS-B offerings. User manual, March 2011
  • 9PrivateGSM requires an extra APN to works: ask your mobile operator’s customer service the followingdetails: • APN (access point name) • Username • Password  1. APN is required 2. Insert APN name, username and password  3. Exit and save ! IMPORTANT Before using PrivateGSM: according to your mobile tariff plan, it is possible that you have to pay also when dialing and receiving a secure call. Check extra costs for Access Point usage with your mobile operators customer service! User manual, March 2011
  • 103.1.2. iPhone installation 1. Click on the link 2. Confirm download3.1.3. Nokia installation3.1.3.1. Download   1. Click on the link 2. Confirm download 3. Check progress User manual, March 2011
  • 113.1.3.2. Installation   4. Confirm installation 5. Confirm to continue 6. Select the phone memory  7. Accept the license agreement 8. Enable auto-start3.1.3.3. Selecting the access point after installationAfter installation, select the full internet access point. If you selected an incorrect access point (withconsequent difficulties in accessing the internet or sending the activation text message) you can change itlater and re-launch product activation (see chapter 14.3.1 “Changing the Access Point”). User manual, March 2011
  • 12 Select the full internet access point3.2. PC installationYou can download the software to your PC and install it on your phone via Bluetooth or USB port.To download, install and activate software via PC: 1. Open pages Trial and product Download at www.privatewave.com. 2. Read and accept the license and privacy consent terms. 3. Select your phone model. 4. Select option via PC.Click Download, save the file on your PC and install it on your phone via Bluetooth or USB port.3.2.1. BlackBerry Desktop manager 1. Connect your phone to the PC via USB port. 2. Unzip PrivateGSM zip archive, containing .COD and .ALX files User manual, March 2011
  • 13 3. Run Desktop Manager, connect your phone and add a new application, selecting .ALX file3.2.2. Nokia PC Suite installation3.2.2.1. Installation via Bluetooth 1. Send the file to your phone via Bluetooth protocol. 2. Open the message in your Inbox. The wizard is launched (see procedure screen 4 3.1 “Installation via email/SMS message”).3.2.2.2. Installation via USB 1. Connect your phone to the PC via USB port. 2. Run Nokia PC Suite, select your phone and install the software using the Application Installation function. 3. The wizard is launched (see procedure screen 4 3.1 “Installation via email/SMS message”). User manual, March 2011
  • 144. PrivateGSM Enterprise ConfigurationBefore you can start using PrivateGSM Enterprise with Enterprise VoIP Security Suite you must configure aSIP account that’s properly configured and enabled on a PrivateServer.In this section you will be guided to configure your SIP account. PrivateGSM lets you configure the usualparameters, plus some advanced settings. • SIP Server: registrar hostname • SIP Server Port: registrar SIP port • Realm: registrar realm or leave it set to ‘*’ • Username: SIP account assigned to you • Password: password used to authenticate you • Use Proxy: set it to ON if you have an actual SIP proxy or if you use a TLS port different than 5061 • SIP Proxy Server: SIP proxy hostname if present (eg: configuration with an external SIP Security Controller such as UM-Labs, otherwise set it to sip registrar hostname) • SIP Proxy Port: SIP proxy port if present or registrar port User manual, March 2011
  • 154.1. BlackBerry  1. Account is not configured yet 2. Select Settings  3. Select advanced settings 4. Confirm advanced settings modification  5. Select Sip Settings 6. Insert your account data  7. Exit and save 8. Restart PrivateGSM User manual, March 2011
  • 164.2. iPhone  1. From the main screen select More 2. Select Settings 3. Configure your SIP account button4.3. Nokia 1. No account configured yet 2. Configure account User manual, March 2011
  • 175. PrivateGSM Demo automatic activationWith DEMO mode, PrivateGSM automatically create an account on PrivateWave servers and bind yourmobile phone number to it, so that you can dial your contacts using their mobile number instead of usinga new extension.In order to activate DEMO mode PrivateGSM sends an SMS to a PrivateWave UK’s number, so be surethat your SIM is enabled to send international SMS. Since this feature is subject to additional cost relatedto sending an SMS, PrivateGSM asks to the user to confirm the action before proceeding with it.5.1. BlackBerry  1. Select Auto activation 2. Activation starting  3. Sending activation SMS User manual, March 2011
  • 185.2. iPhone   1. Select automatic activation 2. A text message will be sent 3. Send message  4. Activation pending 5. Activated User manual, March 2011
  • 195.3. Nokia 1. Select automatic activation 2. A text message is sent to a PrivateGSM number User manual, March 2011
  • 206. Start PrivateGSMPrivateGSM will automatically connect to secure VoIP server each time you turn on your phone (hidden inthe background).When an Internet connection is available, you can: • Start PrivateGSM application. • Receive and dial secure calls.On Nokia and BlackBerry devices it is possible to disable auto-start feature. It is not possible to disable iton iPhone devices. ! IMPORTANT To make a secure call, the called party must be running PrivateGSM software and be connected to the Internet as well!6.1. Start PrivateGSM on Nokia/BlackBerryTo Start PrivateGSM from within Nokia or Blackberry just dial 801.All other application functions are accessible from the PrivateGSM menu.To open PrivateGSM menu on BlackBerry: User manual, March 2011
  • 21  1. Dial “801” and press the dial button 2. The PrivateGSM menu appears. Click Hangup or Back button to return the application to the backgroundTo open the PrivateGSM menu on Nokia: 1. Dial “801” and press 2. The PrivateGSM menu appears. the dial button Click Hide to return the application to the background6.2. Start PrivateGSM on iPhoneAll application functions are accessible from PrivateGSM main UI. ! IMPORTANT Features based on Secure Prefix 801 features are not available on iPhone, due to some platform constraints imposed by current releases of Operative System. User manual, March 2011
  • 22To open the PrivateGSM menu: 1. Tap on PrivateGSM icon 2. The PrivateGSM menu appears. Click HOME button to return the application to the background User manual, March 2011
  • 237. Making a secure call with PrivateGSM7.1. Call modesPrivateGSM lets you: • Make secure calls to phone numbers and contacts using the PrivateGSM +801 prefix (pgsm:// URL on iPhone). In this case, you do not need to manually open the main menu if the application is in background. • Make secure calls to phone numbers and contacts without entering the PrivateGSM prefix by directly using the application menu.7.2. Secure prefix number (Nokia and BlackBerry)Calls with PrivateGSM are simply identified by the “+801” prefix in front of the number to be dialedincluding the international prefix without zeros. For example: “+801 44 333 1234567”+801 PrivateGSM prefix, including ‘+’44 International country code for UK without zeros333 1234567 Phone numberNote:For quick dialing, we recommend you save numbers with the +801 prefix as "secure" contacts in yourphone book.7.3. Secure URL (iPhone devices)Calls with PrivateGSM are simply identified by the URL “pgsm://” prefix in front of the number to bedialed including the international prefix without zeros. For example: User manual, March 2011
  • 24 “pgsm://44 333 1234567”pgsm:// PrivateGSM prefix, including ‘+’44 International country code for UK without zeros333 1234567 Phone numberNote:For quick dialing, we recommend you save numbers with the pgsm:// prefix as "secure" contacts in yourphone book, in home page field.7.4. Dial secure call with +801 prefix ! IMPORTANT Dialing a call with secure prefix +801 is not available on iPhone, due to some platform constraints imposed by current releases of Operative System.Making secure calls with PrivateGSM is very easy: dialling is just as simple as prefixing your phonenumbers with +801 prefix, as with international calls.With secure prefix you can make calls as usual with your phone: inserting phone number, from youraddress book or even from recent calls logs.Phone numbers prefixed with secure prefix +801 are detected by PrivateGSM which automatically starts asecure call.7.4.1. Dialing a secure callYou can dial a secure call by entering the “+801” prefix before the number to be dialed, including theinternational country code without zeros. User manual, March 2011
  • 25To dial a secure call complete with prefix: Enter the “+801” prefix before the number and press the dial button7.4.2. Dialing a secure call from contactsYou can call a number previously saved in the phone book with the PrivateGSM prefix (see chapter7.2 “Secure prefix number”).To make a secure call to a contact saved in your address book with the PrivateGSM prefix: BlackBerry: select a “secure” contact and iPhone: select a “secure” contact Nokia: select a "secure" contact and press the SEND key and press on secure URL press the dial button User manual, March 2011
  • 267.5. Dial secure call from PrivateGSM application7.5.1. Dialing a secure callYou can make a secure call from the PrivateGSM menu by simply entering the number complete withinternational country code (i.e.: +44 for UK) and pressing the dial button.Note 1:On devices with OS Symbian 9 5th ed. (touch screen) select Type number in Options menu: a virtualkeyboard will appear.Suggestion:If you intend to frequently make secure calls to the same number, add it to your phone book with thePrivateGSM prefix (see chapter 7.2 “Secure prefix number”).To dial a secure call using the PrivateGSM menu: BlackBerry: digit phone number and click on iPhone: digit phone number and Nokia: enter the phone number complete green SEND button click on green DIAL button with international country code and press the DIAL button7.5.2. Dialing a secure call from contactsPrivateGSM lets you choose a contact from your phone address-book, so you can make secure calls fromPrivateGSM menu by simply selecting a contact from.PrivateGSM sort contacts in the same way as native phone book does. User manual, March 2011
  • 27On iPhone you can change contacts ordering by opening System Settings > PrivateGSM > Application> Contacts Sort OrderSuggestion:If you intend to frequently make secure calls to the same number, add it to your phone book with thePrivateGSM prefix (see chapter 7.2 “Secure prefix number (Nokia and BlackBerry)”).To dial a secure call to a contact using the PrivateGSM menu on BlackBerry:  1. Select Dial secure call 2. Select a contact and press SEND keyTo dial a secure call to a contact using the PrivateGSM menu on iPhone: 1. Select a contact 2. Tap on the phone number User manual, March 2011
  • 28To dial a secure call to a contact using the PrivateGSM menu on Nokia: 1. Select Dial secure call 2. Select a contact and press the dial button User manual, March 2011
  • 298. Receiving a secure callPrivateGSM must be on and you must be connected to the Internet to receive a secure call.When there is an incoming secure call, a popup is shown on display. If you accept, PrivateGSM is broughton foreground and in a few seconds, depending on type of network and security level, it will be possibleto start speaking securely.Note:A secure call has a ring tone other than a standard call and can be answered or refused.8.1. Receive a secure call on BlackBerry Accept the secure call by pressing the dial button8.2. Receive a secure call on iPhoneOn iPhone platform you have to confirm twice to accept an incoming call, due to constraints imposed bycurrent versions of Operative System: • Bring PrivateGSM application in foreground, tapping on View button; • Accept or refuse incoming call: in this stage, until you decide what to do, the peer calling you would hear a ringing tone. User manual, March 2011
  • 30 1. Bring PrivateGSM in foreground 2. Accept the secure call by pressing the Accept button8.3. Receive a secure call on Nokia Accept the secure call by pressing the dial button User manual, March 2011
  • 319. Secret SecuritySecret Security applies an End-To-Site security model, where audio data is encrypted on one call-end anddecrypted on PBX side.This model, used within Enterprise VoIP Security Suite, replicates the same paradigm of a VPN: call issecured outside of company perimeter, and goes in clear inside company perimeter.The main advantages of End-To-Site security model are: • interoperability with existing phone networks for crypto-to-clear and clear-to-crypto setup • advanced telephony features, such as 3-way calling and conference room9.1. Verifying call securityCall is automatically secured during call setup, so it does not require any human intervention. As soon ascall is establishes you can immediately start to talk with your contact securely.The overall security verification system is based on TLS digital certificate verification. The PrivateGSMEnterprise client automatically verifies the digital certificate of the SIP/TLS server and if it’s recognized andauthentic, the connection will be automatically secured. Secure call established User manual, March 2011
  • 32This security model is exactly the same as HTTPS with internet browser, given the fact that onPrivateServer there is a valid digital certificate the call can be considered secure.By default, PrivateGSM will not accept invalid SSL certificates, such as: • Expired certificates: be sure that your phone’s clock is properly set • Self-signed certificates • Common name mismatchIf the SSL certificate is a wrong or invalid (ex: one of the above mentioned reasons) or a man in the middleattack attempt is in course, the user will see on phone display one of the following warnings:Invalid SSL certificate Certificate error9.2. Custom Certificate AuthoritySince security is based on TLS digital certificates, it is mandatory that server certificates are signed by aknown and trusted certificate authority.If your certificates is signed by a new CA (not present in phone CA list at ship time) or your private CA,you can import the CA’s certificate and trust it. User manual, March 2011
  • 339.2.1. Custom CA on BlackberryOpen Options -> Security Options -> Advanced Security Options -> CertificatesSelect the CA root and trust it. PrivateGSM can now connect to your server.9.2.2. Custom CA on iPhoneConnect your iPhone to USB and open using iTunes application.Select your device -> “Apps” section -> scroll down and you will see a list of applications that have ashared folder.Import a file named “cachain.pem” containing the whole certificate chain, from Certificate Authority Rootdown to server certificate, including intermediate CA, using PEM format (ASCII format, starting with line“-----BEGIN CERTIFICATE-----“).9.2.3. Custom CA on NokiaNokia devices accept certificate in DER format (binary format, non ASCII as PEM). Remember to use a DERformat certificate, otherwise Nokia phones will not recognize it properly.You can install a new CA root in three ways: • Point your phone’s browser to the CA root certificate URL • Send the certificate via Bluetooth • Copy your certificate to the SD and open with a file manager applicationYou will be prompted to trust the certificate. PrivateGSM can now connect to your server.9.3. Restrict Certificate AuthoritySSL certificates management is the key point in SECRET security level, so PrivateGSM takes all SSL aspectsin great consideration. You can further restrict the constraints on SSL choosing one single CA root, whichyou trust particularly. This feature gives you some additional advantages: User manual, March 2011
  • 34 • Use certificates signed by your private internal CA, not known and present on OTS devices • Choose one single CA root that you trust, reducing the risks that an attacker uses a compromised, but still valid CA root, to carry on a MITM attack.9.3.1. Restrict CA on iPhoneImport a custom CA (see 9.2.2“Custom CA on iPhone”). Open and edit Sip settings, and set to ONsetting named “Enable custom CA root”9.3.2. Restrict CA on NokiaImport a custom CA (see 9.2.3 “Custom CA on Nokia”). Open Settings -> Advanced Settings -> TLSSettings and set to ON setting named “Enable custom CA root” User manual, March 2011
  • 3510. Top Secret SecurityThe “Top Secret” level applies an End-To-End security model, with audio data encrypted on one call-endand decrypted on the other call-end, without any possibility to decrypt it in the middle.PrivateGSM relies on ZRTP protocol, so there is no need to deploy a PKI infrastructure, but a humanverification is required to exclude the presence of a MITM (Man In The Middle).10.1. Verifying call securityPrivateGSM Demo and end-to-end encryption enabled version use an encryption and security systembased on ZRTP protocol.This protocol is based on "human" verification of the two words (called Short Authentication String)displayed at the beginning of a call. The SAS (Short Authentication strings) are made up of two words inEnglish, randomly generated for each call. The SAS displayed on the two phones must be verballycompared by the two callers to guarantee call security. After the security has been verified the two peersshould trust each other.Verify call security on BlackBerry: Matching key exchanges:  the call  is secure! 1. The caller reads 2. The called party his key out loud makes sure it matches his User manual, March 2011
  • 36Verify call security on iPhone: Matching key exchanges:  the call  is secure!  1. The caller reads 2. The called party his key out loud makes sure it matches hisVerify call security on Nokia: Matching key exchanges:  the call  is secure! 1. The caller reads 2. The called party his key out loud makes sure it matches hisSuggestion:After making sure the Short Authentication Strings match and that the called party is really the personyou are speaking to, save the contact in the phone book as “trusted” by clicking Trust. This way, you User manual, March 2011
  • 37need not verify the key exchange whenever you call this contact (trusted) in the future.The ShortAuthentication Strings will no longer be highlighted in orange. Security is guaranteed by the ZRTP keycontinuity feature.Thus, in normal conditions, subsequent communications with a "trusted" contact can start without theneed of verbal verification.Short authentication Strings background color is different and SAS should only be verified in the event ofwiretapping attempts or changes to one of the two phones configurations. In this case, the keys must beverbally verified or the call immediately interrupted.Secure call between trusted contacts Trusted contacts10.2. Identifying a wiretapping attempt10.2.1. Attempt to wiretap a call to a "trusted" contactIf a third party attempts to wiretap a call to a previously verified contact saved as trusted, PrivateGSMautomatically detects the wiretapping attempt, interrupts the call and displays the following security alert. User manual, March 2011
  • 38 Wiretapping attempt alertAfter receiving a security alert, you must always verbally re-verify the key exchanges and re-save yourcontact as trusted for future calls (see chapter 10.1 Verifying call security). ! IMPORTANT The security alert may even be displayed when there is no wiretapping attempt but when your contact changes his phone number or phone. It may also be displayed when the software is re-installed on one of your trusted contacts phones. You must always re-verify contact security after a security alert.10.2.2. Attempt to wiretap a call to a contact not yet saved as "trusted"In the event a third party attempts to wiretap a call to a contact not yet saved as trusted, PrivateGSMdisplays two different key exchanges on the two phones. The callers should verbally verify the differencesbetween the two key exchanges and interrupt the call. User manual, March 2011
  • 39 NON matching key exchanges:  wiretapping attempt  in progress!1. The caller reads 2. The called party verifies his key out loud that keys do NOT match and interrupts the call! User manual, March 2011
  • 4011. Checking the call in progressDuring a secure call, PrivateGSM displays: • key exchange status at the beginning of the call; • connection quality.11.1. Call statusTo establish a connection, PrivateGSM completes three phases; an icon shows on the screen the callstatus: Exchanging ZRTP keys User manual, March 2011
  • 4111.1.1. Call status icons Connection not yet established. This Starting the step may take several seconds (see chapter Red light connection 15.6 “Differences between secure and standard calls”). Key Connection established but ZRTP keys Yellow light exchange are being exchanged. Secure call Connection established and secure. You Green light established can now speak in a secure way.11.2. Call quality levelSome factors that affect the GSM network (i.e.: GPRS use, poor signal, frequent radio cell changes,roaming), could decrease call quality, increasing voice delay. An icon shows the current call quality level: Poor connection quality User manual, March 2011
  • 4211.2.1. Call quality level icons Poor connection quality Average connection quality Good connection qualityNote:If connection quality remains poor, we suggest you seek better network coverage or connect to a betterbroadband Wi-Fi access point. User manual, March 2011
  • 4312. In-Call features12.1. Adjusting audio volumeYou can adjust secure call volume in the same way as you do adjusting standard call volume.To adjust the volume during a secure call: • Use the volume key on your phone (if applicable). • Use the scroll key, scrolling left to lower volume or right to raise it.12.2. Turning speaker phone and microphone on and offYou can turn on your speaker phone or mute your microphone during a call.To turn speaker phone on/off during a secure call: • Nokia: click Options > Activate loudspeaker • iPhone: tap in the middle of the screen > tap on speaker icon • BlackBerry: press menu key > Activate loudspeakerTo turn the microphone on/off during a secure call: • Nokia: click Options > Mute microphone • iPhone: tap in the middle of the screen > tap on mute icon • BlackBerry: press menu key > Mute microphone User manual, March 2011
  • 44Speaker phone and microphone menu User manual, March 2011
  • 4513. Advanced telephony featuresIn the following paragraphs some advanced telephony features are described, useful in specific Enterprisescenarios with PrivateGSM Enterprise and PrivateServer while using end-to-site encryption.13.1. Secure call transferWhile in the middle of a secure call you can transfer secure call to another contact. • iPhone: tap in the middle of screen > tap on Transfer icon • Nokia: click on options > select Transfer menu item • Blackberry: press menu key > select Transfer CallYou can transfer the call to a contact in your address-book or you can input a number to transfer the callto.13.2. Secure 3-way callingWhile in the middle of a secure call you can add a third participant: • iPhone: tap in the middle of screen > tap on Add icon • Nokia: click on options > select Add Participant menu item • Blackberry: press menu key > select Add Participant menu itemYou can add a new participant to the current secure call, by choosing him from your address-book orinserting his number. User manual, March 2011
  • 4613.3. Secure Conference RoomConference room is a feature provided by the PrivateServer secure PBX. You should dial the conferenceroom phone number and, if a PIN is required, while in the middle of call: • iPhone: tap in the middle of screen > tap on DTMF icon and digit PIN number • Nokia: click on options > select Send DTMF menu item and digit PIN number • Blackberry: press menu key > select Send DTMF menu item and digit PIN number User manual, March 2011
  • 4714. Other functions and settings14.1. BlackBerry functions14.1.1. Changing the Access PointTo change the Access Point, select Settings > Advanced Settings > Connection Settings from thePrivateGSM menu. Restart the application for change to take effect. PrivateGSM automatically reconnectsafter the change. ! IMPORTANT WAP or MMS access points cannot be used.To change the access point:  1. Select Connection settings 2. Select the access point14.1.2. Ending and re-starting an Internet connectionYou can end the Internet connection to stop receiving secure calls. The application remains in thebackground and can be started at any time by starting a connection. User manual, March 2011
  • 48To end and re-start an Internet connection: Select Go offline ! IMPORTANT You cannot receive or make secure calls when you are not connected to the Internet.14.1.3. Exit the application and end the Internet connectionTo stop receiving secure calls, exit the application, automatically ending the Internet connection.To re-launch the application, open the mobile phone menu and select PrivateGSM. The connection isautomatically re-started. ! IMPORTANT You cannot receive or make secure calls when you are not connected to the Internet. User manual, March 2011
  • 49To exit the application and automatically close the connection: Select Exit14.2. iPhone functions14.2.1. Exit the applicationIf you want to close PrivateGSM disconnecting it, you have to kill the application:   1. Double click on HOME button 2. Press PrivateGSM icon until it changes 3. Tap on it and it will be closed User manual, March 2011
  • 5014.3. Nokia functions14.3.1. Changing the Access PointTo change the Access Point, select Settings > Default access point from the PrivateGSM menu. Restartthe application for change to take effect. PrivateGSM automatically reconnects after the change. ! IMPORTANT WAP or MMS access points cannot be used.To change the access point: 1. Select Default access point 2. Select the access point14.3.2. Ending and re-starting an Internet connectionYou can end the Internet connection to stop receiving secure calls. The application remains in thebackground and can be started at any time by starting a connection. User manual, March 2011
  • 51To end and re-start an Internet connection 1. Select Options 2. Select Go offline/Go online ! IMPORTANT You cannot receive or make secure calls when you are not connected to the Internet.14.3.3. Exit the application and end the Internet connectionTo stop receiving secure calls, exit the application, automatically ending the Internet connection.To re-launch the application, open the mobile phone menu and select PrivateGSM. The connection isautomatically re-started. ! IMPORTANT You cannot receive or make secure calls when you are not connected to the Internet. User manual, March 2011
  • 52To exit the application and automatically close the connection: 1. Select Options 2. Select Exit User manual, March 2011
  • 5315. What you should know before you use PrivateGSM15.1. Interaction with standard GSM voice callsIf the user receives a standard call (voice) during a secure call (VoIP), the following may occur: 1. The user accepts the voice call: since this channel takes priority over VoIP, the secure call is automatically interrupted. 2. The user refuses the voice call: the VoIP call remains connected and the user can continue the secure conversation.15.2. When doesnt PrivateGSM protect your dataPrivateGSM cannot protect your conversations in the following cases: 1. Wiretapping by physical environmental bugs placed in your home, office or car. 2. Wiretapping by long distance directional microphones.PrivateGSM cannot protect you from the following geographic tracking systems: 1. GSM mobile phone locators 2. GPS locatorsNote:We suggest you consult security experts to protect yourself against these types of devices.15.3. Call quality when movingIt may take longer to establish a connection or experience short audio interruptions when travelling by caror high speed train. This is because you are switching from one GSM network radio cell to another. Callquality depends on the local infrastructures the phone operator uses. User manual, March 2011
  • 54For example, in the suburbs, the GSM network is made up of less cells but with higher coverage;switching from one cell to another is less frequent (i.e.: highway). Contrarily, in metropolitan areas, theGSM network is made up of more cells but with lower coverage; switching from one cell to another ismore frequent (i.e.: expressways and ring roads).Note:No perceivable vocal defects were demonstrated in tests conducted at 150 km/h with PrivateGSM.15.4. Networks and call qualitySecure calls with PrivateGSM use VoIP technology that exploits an Internet connection to make a call viaTCP/IP and UDP packet exchange. Thus, data packets containing voice, encoded and encryptedinformation are routed on the network during a call.PrivateGSM secure calls thus require an open Internet connection without any firewall or restriction by thecaller or called party.Mobile phone operators typically offer two types of Internet access with two different Access Points: • Full Internet access: supports all transmission protocols. Required by PrivateGSM. • WAP/MMS access: does not allow PrivateGSM to work.Following is a list of network types, ordered by quality, bandwidth1 and latency2: Technology Wi-Fi HSD PA UMTS EDGE GPRS Satellite Quality Best Worst1 Bandwidth determines the amount of data transmitted per second.2 Latency determines the time required for data to reach its destination. User manual, March 2011
  • 55Note:To check your mobile phone network, check the symbol next to the signal bar: EDGE network 3G network 3.5 G network (HSDPA)Suggestion:Use Wi-Fi when available. There are no additional access costs and call quality is definitely better.15.5. RatesPrivateGSM secure calls use an Internet connection thus data traffic is charged. Costs depend on the rateset with your phone service provider.To receive secure calls, PrivateGSM must keep an Internet connection open. You should, therefore,choose a rate that lets you stay online as long as you need to receive and make secure calls (i.e.: 24/7,or business hours).Note:We suggest you consult your operator to set a flat rate tied to your connection needs.Note:When using PrivateGSM abroad, make sure you have a data traffic rate plan that lets you check costs. User manual, March 2011
  • 5615.5.1. Limited traffic rate plan disadvantagesData limited traffic rate plan You pay according to data traffic when online. On average, PrivateGSM exchanges data packets for a total of 2MB a month. This is calculated considering average bandwidth between 100k/minute and 200k/minute. Thus 1MB of Internet traffic equals a minimum of 5 minutes to a maximum of 10 minutes.Time limited rate plan You pay according to connection time. These planes are unfavorable and not recommended for PrivateGSM use.15.6. Differences between secure and standard callsDelays in establishing a connection To establish a connection with the called party, PrivateGSM needs from 5 to 60 seconds based on the caller and called partys Internet connection qualities.Voice delay Unlike standard calls, VoIP secure calls may be subject to voice delays from 1/5 of a second to a maximum of two seconds. This depends on the technology adopted by the data transmission network. The better the connection, the shorter the voice delay.Different ring tone PrivateGSM secure calls use different ring tone than standard calls (not customizable).Battery charge Internet connection may lower your phones battery life. Average mobile phone battery consumption may increase from a minimum of 5% to a maximum of 35% based on the type of network used by the Internet connection. Note: A Wi-Fi network consumes more than a 3G network. A 3G network consumes more than a 2G network. User manual, March 2011
  • 5716. User license and license codePrivateGSM can have different license status: • Full: you have a valid license. • Subscription: you have a period license • Trial: you have are in 15 days trial period • Expired: the license is expiredUpon first installation, PrivateGSM Demo is set to Full mode for a 15-day trial period. At the end of thetrial period, the software automatically switches to expired mode and you cannot dial neither receiveanymore secure calls.Trial period is valid only at first installation on a specific device.16.1. Checking your user license16.1.1. BlackBerry: check your current user license  1. Select License from the main menu 2. Check your user license User manual, March 2011
  • 5816.1.2. iPhone: check your current user license 1. Select More and Licensing 2. Check your user license16.1.3. Nokia: check your current user license 1. Select License 2. Check your user license16.2. Activating a licensePrivateGSM provides a trial period when you use all features for free. In order to continue usingPrivateGSM you need to activate a valid license, by typing a valid license code. User manual, March 2011
  • 5916.2.1. BlackBerry: license activation  1. Select License 2. Insert the license code you received  3. Click on Activate button16.2.2. iPhone: license activation   1. Select Licensing under More 2. Insert the license code you received 3. Tap on Activate button to activate your license User manual, March 2011
  • 6016.2.3. Nokia: license activation   1. Select License 2. Insert the license code you received 3. License registration16.3. License MigrationPrivateGSM license is bound to your device and SIM: • if you change your device and move your SIM into your new device, your license will be automatically migrated to new device. • if you change your SIM (eg: move to a new mobile operator) and insert a new SIM, your license status will be preserved. ! IMPORTANT Automatic license migration from one iPhone device to a new device is NOT supported, due to some platform constraints imposed by current releases of Operative System. Request a manual license migration to PrivateWave before switching your iPhone. User manual, March 2011
  • 61 ! IMPORTANT TRIAL PERIOD is NOT supported on iPhone, due to legal constraints imposed by current Terms & Conditions of App Store.16.4. License status icon (Nokia and BlackBerry)On Nokia and Blackberry platform you can also check license status from main screen of PrivateGSM. Thelicense icon changes depending on license status. License status is shown by the license icon that appearsin PrivateGSM menu: Trial period Full mode Receive Only mode Waiting for server response after license code registration. Full license User license expired: you are asked to enter a new license code. User manual, March 2011
  • 6217. PrivateGSM Demo Invite featuresDEMO version of PrivateGSM provides some additional features that let you easily try the application withyour contacts, simplifying installation and deployment process.17.1. Inviting a contact to use PrivateGSM DemoYou can invite a contact from your phone book to use PrivateGSM. The contact will receive a textmessage with a link, inviting him to install the product.17.1.1. BlackBerry: invite a contact from your phone book  1. Select Invite others 2. Select a contact  3. Confirm invitation User manual, March 2011
  • 6317.1.2. iPhone: invite a contact from your phone book   1. Tap Invite button 2. Select a contact 3. Confirm invitation delivery17.1.3. Nokia: invite a contact from your phone book   1. Select Invite others 2. Select a contact 3. Confirm invitation deliveryThe invited contact need only click on the link in the message: if the mobile phone is compatible, thewizard launches (see procedure screen 4 3.1 “Installation via email/SMS message”). User manual, March 2011
  • 6417.2. Accept invitationTo accept an invitation to install PrivateGSM: BlackBerry: click on the link and download iPhone: click on the link and the Nokia: click on the link and the the installation wizard installation wizard will be launched installation wizard will be launchedNote:The “Invite others” option is available only for the Demo version, in order to allow users to build a contactnetwork to make secure calls. User manual, March 2011
  • 6518. Most frequent VoIP network problems18.1. PrivateGSM does not connect and does not let me make callsProblemPrivateGSM does not correctly go online and generates an error during registration/connection.DiagnosticsThe access point in use is incorrect and/or PrivateGSM is connected to a network that is not correctly set.Possible solution • Check whether the phone can access the Internet, opening any web page. • Check whether the access point in use is a full Internet connection and not a WAP or MMS connection. You can only use PrivateGSM with a full Internet connection. • Check whether the Wi-Fi network youre connected to supports TCP/IP and UDP protocols. Internet connections with proxy servers do not work with PrivateGSM and firewalls need to be opened to allow internal networks to work with a proxy server. • Check whether your SIM card balance (top-up) is sufficient. • Check whether Internet connections are enabled on the SIM card. Some phone operators require you set a specific rate plane for Internet access which must be requested by the user and confirmed by the operator.18.2. The call interrupts with a failed connection errorProblemPrivateGSM is correctly online and lets you make/receive a secure call but the call never gets past theExchanging keys phase (yellow light). PrivateGSM interrupts the call with a failed connection error andyou cannot hear the called party. User manual, March 2011
  • 66DiagnosticsThe access point in use is incorrect and/or PrivateGSM is connected to a network that is not correctly set.Possible solution • Check whether the phone can access the Internet, opening any web page. • Check whether the access point in use is a full Internet connection and not a WAP or MMS connection. You can only use PrivateGSM with a full Internet connection. • Make sure the firewall allows UDP protocol output. • Change access point.18.3. Only one caller can hear the other (one-way)ProblemPrivateGSM is correctly online and lets you make/receive a secure call.It reaches the Secure call established (green light) status, exchanging keys, but only one caller can hearthe other.DiagnosticsThe callers PrivateGSM has audio problems, due to incorrect settings. For example, it is using a WAPaccess point and not a full Internet access point or a network with incorrect settings.Possible solution • Check whether the access point in use is a full Internet connection and not a WAP or MMS connection. You can only use PrivateGSM with a full Internet connection. User manual, March 2011
  • 6718.4. Dialing takes one or more minutesProblemPrivateGSM makes/receives a secure call but remains in the Starting a connection phase (red light) forone or more minutes, hanging up with a failed connection message. Re-dialing, the call sometimes goesthrough.DiagnosticsPrivateGSM uses the Internet via a radio frequency range provided by the operator or Wi-Fi connection inuse. Radio frequencies are subject to data packet loss in certain environmental conditions such as if youare close to a large wall, a repeater or in the event of network overload, for example, during a publicevent.During a voice call, a minimum level of data packet loss is negligible for voice quality but may be adeterminant factor for that part of the signal dedicated to the phone system (i.e.: SIP/TLS protocols usedto make a call, receive a call, end a call, and so on). Data transmission may thus be difficult during thestart/end call phase even if the phone displays a good signal level.Possible solution • Check whether the two callers are surrounded by radio disturbances. • If using PrivateGSM in a crowded place, decide whether you should switch from the UMTS network to the GSM network. In fact, a UMTS network that works at 2,100 MHz is more crowded than a GSM network that works at 900/1,800 MHz.18.5. Frequent audio interferencesProblemPrivateGSM calls are subject to frequent audio interruptions or interferences and the conversation isdifficult.DiagnosticsInternet connections are often overloaded and mobile phone operators do not have enough bandwidth.In these cases, establishing a connection may be difficult or impossible or, once established, audio may besuddenly interrupted and similar problems occur. User manual, March 2011
  • 68Possible solution • Make sure the network is actually overloaded: open a web page (N.B.: pick a web page you do not frequently open). A page that does not load or loads slowly, timing out, indicates that the network is overloaded and cannot be used for secure calls. User manual, March 2011
  • 6919. Functional notes19.1. Incompatibility with other installed applications (Nokia devices)PrivateGSM uses APS (Audio Proxy Server) and VAS (VoIP Audio Service) which, if installed on your phonesince used by other applications (i.e.: Fring, instant message software), may interfere with correct softwareoperations. In this case, uninstall the other applications and re-install PrivateGSM. User manual, March 2011
  • 7020. How to contact usVisit us at:http://www.privatewave.comContact our technical staff:tel: +39 02 911930891 Monday through Friday, 10 AM to 12 PM, 2.30 PM to 4.30 PM.email: support@privatewave.com User manual, March 2011