In-Confidence FAQ Print Secure Login Register 0   

 General Information

 

Introduction

Who is it for?

Why use SecureGSM Products?

Refund Policy

End User Licence Agreements

Statement on software piracy

 

 In-Confidence
for iPhone & iPad
Next Generation Telephony

 

Features

Advanced Features

System Requirements

Screenshots

 

 In-Confidence
for Windows
Next Generation Telephony

 

Features

Advanced Features

System Requirements

Screenshots

Signature Verification Tool

 

 Resources

 

Reference & Literature

Online User Guides

Technical Articles

 

 SecuStream™ Technology

 

Under the hood of SecureGSM™

 

What will an attacker hear if my encrypted conversation is intercepted?

Can I have both In-Confidence and In-Confidence Evaluation software installed on my device?

Why do I need to subscribe to a Service plan?

Can I buy In-Confidence as a stand-alone product and use my own Telephony Service?

Can I call an In-Confidence user with In-Confidence Evaluation and vise-versa?

 

How do I dial from In-Confidence?

Can I establish a multi-party Conference call with In-Confidence?

Do both parties need to have this software in order to have an encrypted conversation?

Can I still use my existing VoIP softphone to make calls from my computer?

What is the issue with unencrypted telephony security? I thought that it was secure.

 

What is the man-in-the-middle attack and how does In-Confidence protect my conversations from it?

Is your software designed to support criminals and terrorists?

Does your product have any formal certification such as FIPS 140-2 or Common Criteria Evaluation?

Does your software really use encryption? How can I check?

Do you make your source code available so I can check that it is doing what you say it is doing?

 

Are there other, similar software-only solutions available?

Your product is so reasonably priced compared to others. Does that mean that the quality and protection offered is diminished?

Does your product support languages other than English?

Do I need special arrangements with an Internet Service provider to enable me to use In-Confidence?

What number do I need to dial to make a secure call?

How good is the audio quality of an In-Confidence phone call?

 

I am experiencing a delay in audio. Is that normal?

I can hear some kind of echo? How can I eliminate that?

The sound I hear from the other person is overly loud and distorted.

Is there a chance that a conversation is recorded off the Internet network for further decryption? Will attackers succeed?

Are the ciphers used in In-Confidence are proprietary or well known to the international security community?

 

What about key exchange - can the public key be intercepted? Does that mean that my conversation could be de-ciphered?

How strong is the encryption and cryptography used in the In-Confidence Products?

Is this for big companies only? Can I get this software for myself?

In-Confidence seems to be a great application and the price is affordable, but do I really need this?

What about the person I am calling? Do they need to have In-Confidence on their computer as well?

 

Can I use In-Confidence over the internet?

 

 

What will an attacker hear if my encrypted conversation is intercepted?
Press play to hear what it sounds like. 

Can I have both In-Confidence and In-Confidence Evaluation software installed on my device?
It is not possible to have multiple versions of In-Confidence Software installed and operating on one computer.

Why do I need to subscribe to a Service plan?
Like any other telephony application, In-Confidence needs a telephony service to be able to establish a call to another person. Just like your home phone or mobile phone uses a telephony service, so does In-Confidence.

The telephony service is strictly a pass-through service and is not able to encrypt or decrypt the information that passes through it. All encryption and decryption is done by the In-Confidence application on the local device.

Can I buy In-Confidence as a stand-alone product and use my own Telephony Service?
Retail versions of In-Confidence are bundled together with a telephony service (and subsidised by SecureGSM) to ensure a high standard of quality for the product. In addition to the call carriage, the telephony service also provides connectivity between users of the In-Confidence product family. For these reasons, retail versions of In-Confidence  are only available bundled with SecureGSM’s telephony service.

For corporate users wishing to establish their own closed group service, In-Confidence products are available tailored to specific telephony services by request (Subject to terms and conditions).

Can I call an In-Confidence user with In-Confidence Evaluation and vise-versa?
In-Confidence and In-Confidence Evaluation are not compatible to each other. In-Confidence Evaluation is intended for evaluation purposes only and thus only connects to In-Confidence Evaluation.

If you make a call using In-Confidence Evaluation to a device with In-Confidence installed,  you will receive a notification "version is not compatible" and the call will disconnect.

How do I dial from In-Confidence?
In general, to access this feature, switch to Contacts tab, double click the Contacts entry. Alternatively, you can select the Contact from the Contacts list and push the green Call button, located in selected contact row.

You can also dial the ICN number of other party directly from In-Confidence DialPad, or return or repeat call from Call History tab.

Can I establish a multi-party Conference call with In-Confidence?
Yes, In-Confidence is the only dedicated multi-party conferencing product with triple layer encryption capabilities available today. To add party to an In-Confidence call, please dial the ICN (In-Confidence Number) of the party while in an already established call. The number of parties in a conference is limited to available Internet connection bandwidth and computer processing power.

Do both parties need to have this software in order to have an encrypted conversation?
Yes, In-Confidence is an end-to-end security software. Both parties need to have In-Confidence installed on their respective computers.

Can I still use my existing VoIP softphone to make calls from my computer?
Absolutely. In-Confidence does not, in any way, change, modify or compromise the standard functionality of your computer. You can make normal Voice over IP (VoIP) calls to persons using any other third party VoIP application.

What is the issue with unencrypted telephony security? I thought that it was secure.
There are considerable issues with security associated with unencrypted calls over traditional phone and VoIP networks. Due to no encryption or very low encryption, each unencrypted call can be easily intercepted.

What is the man-in-the-middle attack and how does In-Confidence protect my conversations from it?
In-Confidenceproducts are built upon robust, state-of-the-art algorithms and our unique Identity Verification module to protect from the "man-in-the-middle" attack.

Definition: Man in the middle attack
From Wikipedia, the free encyclopedia.

In cryptography, a man in the middle attack (MITM) is an attack in which an attacker is able to read,
and modify at will, messages between two parties without either party knowing that the link between
them has been compromised. The attacker must be able to observe and intercept messages going
between the two victims.

Click here for the expanded definition from Wikipedia.

Is your software designed to support criminals and terrorists?
Absolutely not! We do not condone any such activities, and take extreme care to ensure that our products are used to prevent, rather than encourage criminal or terrorist behaviour.

Does your product have any formal certification such as FIPS 140-2 or Common Criteria Evaluation?
The Cryptographic library used in In-Confidence has passed NIST FIPS 140-2 Certification.

Does your software really use encryption? How can I check?
We will be offering a In-Confidence output file for evaluation (this will be done in our laboratory). To output the encrypted stream to file yourself, you would require specific software and laboratory equipment.

Do you make your source code available so I can check that it is doing what you say it is doing?
SecureGSM™ In-Confidence is an innovative product and the source code behind it is very much a trade secret. We believe that publishing source code does not guarantee proof, as you still cannot verify that the software you purchase is the same and compiled from that which is published. We can, however, make available the source-code of the crypto-related application modules to show the cipher functionality.

Are there other, similar software-only solutions available?
As far as we know, In-Confidence is the only dedicated multi-party conferencing product with triple layer encryption capabilities.
The unique features incorporated into the software combine to make In-Confidence the most user-friendly encrypted telephony application with a no-compromise security model.

Your product is so reasonably priced compared to others. Does that mean that the quality and protection offered is diminished?
Absolutely not! You will find that all SecureGSM products are robust, enterprise level applications which rival, and in many cases exceed the functionality and protection offered by other currently available options. We have worked extremely hard to ensure that SecureGSM products are truly affordable enterprise grade tools without compromise. You can see some typical examples of outgoing call charges at the Call Cost Analysis Page.

Does your product support languages other than English?
The user interface of In-Confidence is currently in English; however, the software has full Unicode support, which means that it can be used in any language. This specifically applies to the Messaging screen where this functionality is of most use. You are free to use whatever language you like to send and receive messages. Of course our Identity verification screen is also language independent, therefore In-Confidence is easily useable by anyone in the world.

Do I need special arrangements with an Internet Service provider to enable me to use In-Confidence?
In-Confidence utilises your existing Internet connection. Please refer to the In-Confidence system requirements page.

What number do I need to dial to make a secure call?
Each In-Confidence user has received a unique In-Confidence Number (ICN).
To call someone, you dial the ICN number of that person.

How good is the audio quality of an In-Confidence phone call?
The audio quality is superior to standard phone voice communications.

I am experiencing a delay in audio. Is that normal?
No, it is not. In-Confidence has been designed to offer unmatched low latency communications. If you are experiencing delay in audio, please verify that your Internet connection quality is appropriate.

I can hear some kind of echo? How can I eliminate that?
If you are experiencing echo, please verify that your microphone is not positioned directly in front of your speakers and that the volume is not turned up to excessive levels. You may experience echo if you are talking to someone who is located in the same room.

Also, please ensure that Microphone Boost option is switched off at all times.

The sound I hear from the other person is overly loud and distorted.
Some sound cards and audio headsets have additional software which feature audio enhancements such as surround sound and microphone boost. If that software is installed and the microphone boost is enabled, this can interfere with the sound quality. The In-Confidence application attempts to switch off the additional microphone boost employed by this software; however it is not always possible. If you hear very distorted sound and echo (or you are told that your sound is very distorted) then the other person need to disable the microphone boost.

Is there a chance that a conversation is recorded off the Internet network for further decryption? Will attackers succeed?
A Network Sniffer device is able to intercept the encrypted signal, however modern crypto analysis techniques are not capable of decrypting the In-Confidence signal in any way. It is important to understand that absolutely no-one is able to decrypt the signal, not even the developers of the In-Confidence software.

Are the ciphers used in In-Confidence are proprietary or well known to the international security community?
All three ciphers used in In-Confidence, AES256, Twofish and Serpent, are well known to the international security community and are considered unbreakable to date. Furthermore, the AES256 algorithm has been designated as the official NIST encryption algorithm.

What about key exchange - can the public key be intercepted? Does that mean that my conversation could be de-ciphered?
Technically speaking, the public key can be intercepted; however it is not possible to de-cipher the conversation using the public key. For detailed information please visit the NIST web site section on the Diffie-Hellman Elliptic Curve Cryptography or the NIST Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography.

How strong is the encryption and cryptography used in the In-Confidence Products?
In-Confidence offers offers unprecedented levels of extremely high encryption above and beyond military standards.

Encryption:
Triple cipher, cascade mode encryption engine including AES, Twofish and Serpent ciphers (3 x 256 bit)
PKI:
Triple ECDH - Elliptic Curves Diffie-Hellman (3 x 571 bit)*

*571-bit ECDH is currently equivalent in security to 15,360-bit RSA/DH/DSA (based on table 1, RFC 5349 standard; http://tools.ietf.org/html/rfc5349). Therefore, SecureGSM's triple ECDH is approximately equivalent to 3 x 15,360-bit = 46,080-bit RSA/DH/DSA.

Is this for big companies only? Can I get this software for myself?
Yes, you can get this software for yourself. We have worked extremely hard to ensure that In-Confidence productsare truly affordable tools for everyone. The availability of In-Confidence is intended to be for individuals, bodies corporate, government and security agencies.

In-Confidence seems to be a great application and the price is affordable, but do I really need this?
In-Confidence is for individuals and bodies corporate who are concerned about the security of voice communications using traditionaltelephony. Using In-Confidence alleviates the risk of calls being intercepted and eavesdropped (man in the middle).

Some of the key sectors we have identified which would benefit from secure communications are:-

  • Security & enforcement agencies
  • Government departments
  • Banks and financial institutions
  • Corporate business and manufacturing community
  • Research and R&D industries
  • Stock and Trade exchanges
  • Brokers
  • Legal and Accounting firms
  • Medical Services
  • Security conscious individuals
  • Applications requiring high level of security and verification

What about the person I am calling? Do they need to have In-Confidence on their computer as well?
In-Confidence is a dual ended system, meaning that both parties must have In-Confidence installed on their devices to permit secure communications.

Can I use In-Confidence over the internet?
Yes. In-Confidence products are designed for use over public Internet connections (LAN, WAN, Wi-Fi, 3G/4G mobile internet).

 

Copyright ©2004 - 2017 SecureGSM

Home   About us   Contact us   News   FAQ   Recover Password   Privacy Policy   Terms & Conditions