Chapter1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for CiscoUnified IP Phones
1-14
Cisco Unified IP Phone 7906G and 7911G Administration Guide for Cisco Unified CallManager
OL-10008-01
Manufacturing installed certificate Each Cisco Unified IP Phones7906G and 7911G contains a
unique MIC, which is used for device authentication. The
MIC is a permanent unique proof of identity for the phone,
and allows CiscoUnified CallManager to authenticate the
phone.
Secure SRST reference After you configure a SRST reference for security and then
reset the dependent devices in CiscoUnified CallManager
Administration, the TFTP server adds the SRST certificate to
the phone cnf.xml file and sends the file to the phone. A
secure phone then uses a TLS connection to interact with the
SRST-enabled router.
Media encryption Uses SRTP to ensure that the media streams between
supported devices proves secure and that only the intended
device receives and reads the data. Includes creating a media
master key pair for the devices, delivering the keys to the
devices, and securing the delivery of the keys while the keys
are in transport.
Signaling Encryption Ensures that all SCCP signaling messages that are sent
between the device and the Cisco Unified CallManager
server are encrypted.
CAPF Implements parts of the certificate generation procedure that
are too processing-intensive for the phone, and it interacts
with the phone for key generation and certificate installation.
The CAPF can be configured to request certificates from
customer-specified certificate authorities on behalf of the
phone, or it can be configured to generate certificates locally.
Table1-3 Overview of Security Features (continued)
Feature Description