Pryvate™ Encrypted Voice Calls (VOIP)
It is always best to use open-source, peer-reviewed encryption tools on
your
smartphone, tablet and desktop computer.
The Pryvate app for Android (2.2 or higher) and Apple (iOS 6.0 or later)
features voice encryption capabilities that enable subscribers to make
free,
voice over internet protocol (VoIP) calls that are secure, encrypted and
completely private.
Pryvate™ Encryption
- Military-grade encryption combined with RSA 4096-bit and AES
256-bit
encryption
- No risk of data being intercepted by hackers, criminals or
government
surveillance agencies
- Diffie-Hellman (D-H) key exchange, MD5 and SHA512 hash for voice
integrity
- Proprietary ‘Protection Agent’ software that detects, alerts and
defends
against ‘man-in-the-middle’ attacks
- Encryption keys that are automatically created on your smartphone
for
each call
Voice Call Quality – Multiple Network Compatibility
- Industry-leading encrypted voice service that operates over
carrier-grade infrastructure
- Secure calling over 3G/4G, GPRS, EDGE, LTE, UMTS, HSPA, W-CDMA or
Wi-Fi
connection – even at low bandwidths
Security
Single-session-only keys are never stored or known to Pryvate as the
software
works on a peer-to-peer basis with no servers in the middle - so no
record
of calls is ever kept.
Automatic Discovery of Pryvate Contacts
- Auto-notification when a contact becomes a Pryvate user
- Users will also be able to see when their Pryvate contacts are
available
- Contact details will automatically populate their Pryvate address
book
Secure Conferencing
We utilize the same encryption whilst conferencing with multiple users –
with
all voice calls encrypted. The conference call runs on the conference
organizer’s device. They initiate the conference by calling the other
parties and adding them to the group.
Pryvate™ Encrypted Video Calls
Video Encryption.
Video encryption takes video data and makes it impossible to view by
anyone
except the intended recipient – so long as the intended recipient has
the
correct key to decipher the data and view the video in its intended
format.
There are two types of video encryption: personal and Digital Rights
Management (DRM). Personal encryption refers to someone who wants to
share a
personal video with clients, family or friends and who does not want
anyone
unauthorised to see it. DRM is the same thing, although more complex. It
can
often include:
- Different types of video streams for different price brackets
- Region-specific videos
- Media or device-specific videos
- Software-specific videos
- Adaptive streaming
- Secure Video Encryption and Privacy (never known to us)
- ZRTP Protocol negotiates a key between two VoIP end points
As with voice calls, a new key is generated every time a connection is
made,
which further protects the security and integrity of the data. This
means
that if an encryption key from a previous call was discovered –
subsequent
calls would not be compromised.
Video Encryption Interoperability Standards
Video codec specifications include:
-
VP8 (WebM), H263, H263-1998, MPEG-4, Theora and H264
- Resolutions from QCIF (176 × 144) to SVGA (800 × 600)
Pryvate™ Encrypted Instant Message (IM)
Off-The-Record (OTR) messaging is a cryptographic protocol designed to
provide encryption for IM conversations. It ensures that messages do not
have digital signatures and therefore cannot be monitored.
Secure IM Encryption from Pryvate™ s
- Auto encrypted single/unique single session
- 3G and 4G, EDGE, GPRS, LTE, UMTS, HSPA, W-CDMA and Wi-Fi
- Peer to Peer – with no servers in the middle
- No records of any messages or conversations are stored
- AES symmetric-key, Diffie-Hellman and SHA-1 hash algorithms
- User sessions are automatically deleted after a session is
terminated
The application operates in standard unencrypted mode for normal
conversations. If a secure conversation is required, the user activates
secure mode, which initiates an authentication phase. This allows the
user
to verify the identity of the other party through a pre-arranged
password,
question and answer combination or fingerprint. Once authenticated, the
application generates short-lived, session-based encryption keys –
providing
secure communications and perfect forward security. This ensures that
the
discovery of a past key does not compromise the security of future
sessions.
During secure IM conversations, digital signatures are removed and
logging
is disabled to ensure deniability.
Notification of Screenshots
An innovative security feature of Pryvate’s service detects when a
screenshot
is taken from within the Pryvate App. When this happens, the App
automatically notifies the sender that the recipient is making a record
of
confidential information.
Pryvate™ Encrypted Instant Message
The number of potential hackers and government agencies that may be
monitoring your online conversations, including your instant messages
has
never been higher. If you’re using an open wireless connection, there
are
numerous free software packages that can intercept unencrypted Instant
Messaging (IM) communications. Even password protected wireless networks
leave you vulnerable to monitoring from your broadband or software
providers. It is therefore essential that you consider your online
security
when it comes to instant messaging – whether you use it for personal or
business purposes.
What is IM Encryption?
Pryvate IM encryption is a varied implementation of Signal protocol, along with a ZRTP call through an oral SAS verification to provide mutual identity authentication as added MiTM attack protection security.
Secure IM Encryption from Pryvate™
Pryvate Instant Message Encryption implements the Signal protocol allowing users to privately and asynchronously exchange messages, also supports multiple devices per user and multiple users per device.
Pryvate IM encryption establishes encrypted sessions and encrypts messages but relies on Pryvate to acquire the unique identification string of peer devices and route the messages to their recipients.
The Signal protocol specification utilises the Double Ratchet Algorithm the X3DH Key Agreement Protocol and the Sesame Algorithm.
Containerisation
Application containerisation ensures that all received attachments sent through Pryvate instant messaging are safely kept inside the application space unless and until they are exported or sent to an external viewer for any attachments that require an external viewer.
A parameter inside our chat rooms allow users to also automatically store received photos and videos inside phone Gallery if they so choose.
Containerisation also applies for sent attachments that are generated inside the app, meaning photos and videos that are taken within the app and then sent. Agnostic platform; Android to IOS or vice versa; adaptable to existing email addresses
Pryvate™ Encrypted Email
Email encryption software is intended to eliminate the risks posed by
network
eavesdroppers. In general, email communications are passed through the
ether
using unprotected protocols such as SSL/TSL. The emails are therefore
transmitted in plain text across local networks and the internet. As a
result, email messages and their attachments can be intercepted and read
by
those wishing to attack users maliciously or monitor their messages. It
is
not just potentially sensitive information that is at risk (such as bank
details, log-in credentials, and so on). Hackers, who gain access to
email
messages, can access content from users and their contacts – or even
hijack
their entire email account.
- Securely designates any or all of users current email addresses and
services
- Agnostic platform; Android to IOS or vice versa
Easy to maintain for IT staff, as users can keep existing technology
and
procedures. There is no need for re-training on new platforms
- 3G, EDGE, GPRS, UMTS, HSPA, W-CDMA, & Wi-Fi connections
- Encryption keys are automatically created on users smartphones for
each
individual email – with the associated single-session keys never
stored
or known to Pryvate™
This not a mail client. It contains only the protection mechanism
required to
make a user’s emails secure. What it does is assure users that no
unsecured
data will ever remain or leave the device and that encryption data will
be
stored separately on Pryvate’s servers. By separating the encryption and
the
key, we have built in an added layer of security and removed the need
for
users to input additional SMTP/POP3 settings when setting up their
client.
Pryvate™ Email Encryption – Technology Specifics
We have built in a layer of security that goes beyond that proposed by
the
British Standards Institute.
- All communication between a user’s app and the server is fully
encrypted, TLS-based or RSA4096-protected
Key material that is encrypted for sending to the server in-device
is
done by using the public key of an RSA4096 key pair
The connection between app and server is therefore considered
unbreakable using current techniques and technology.
- The return communication to the app from the server is protected by
the
AES 256-bit key that is sent to the server (RSA4096) and can be read
only by the server
- Newly generated key for each communication session, which is never
stored
TLS-certificated secure link – which adds to the security, helps
avoid
‘man-in-the-middle’ attacks and is in accordance with BSI TR-03145
- Pryvate™ only uses true and tested public algorithms (RSA4096 and
AES256) in international implementations with NO backdoors. This is
a
requirement of BSI TR-03116-4. Additionally, all DNS requests are
routed
through our servers and are compliant with DNSSEC.
- Once the message is encrypted and encapsulated in the .pry
attachment it
is sent directly to the user’s current mail client on their device
(hopefully this is a DANE compliant mail transport). Because we have
no
control over the user’s choice of email client, we make the data as
secure as possible – which is why we separate the key material from
the
data.
- We comply with Datenschutzanforderungen (BDSG) and Richlinie BSI
TR-03108, which makes our product one of the few software tools that
are
above the level of security highlighted in Sicherheitskonzept TKG-
ISO27001.
Pryvate™ Secure File Transfer & Storage
- Eliminates the risk that any files transferred will be intercepted
whilst in transit.
- Send/store files and data – protected by military-grade encryption –
from a personal device via email or by using file
- sharing programs such as Dropbox, One Drive, or Box
- Secure file transfers can be stored without being sent.
- Encrypted form on a mobile device or on media storage, such as: CDs,
DVDs and USB flash drives.
- Decryption key is never located on the same device or file location.
If
a user’s data is stolen, the files and data remain secure.
- Without the need to ‘send’ files to ensure their encryption, secure
file
transfers can be made via the “SCP” with no limit on file size (as
normally experienced with email)
- Decryption is accomplished using the same method as encryption
- No extra software is required.
- Key material cannot be compromised, as it never resides with the
encrypted file.
Our file storage component also works when a user wants to encrypt a
very large file and have it handed to a third party on a storage
device.
The “SCP” automatically encrypts a user’s files and stores it within
the
inbox of the App. When the recipient (the third party, for example)
has
the file, they simply click the .pry message and it opens securely
Pryvate™ Secure File Transfer
If you are after the peace of mind that your important files will be able
to
be safely transferred without of the worry of them being intercepted by
someone else, Pryvate™ has the ideal solution for you. Pryvate™ secure
file
transfer will allow you to transfer your private files or data securely
using military grade encryption. You will be able to safely transfer
your
data from your personal device, via email or by utilising file sharing
programmes such as Dropbox, One Drive, or BOX securely. Your secure file
transfer will be free from prying eyes, competition, hackers and more
when
you use Pryvate™.
What Makes Pryvate™ So Secure?
The Pryvate™ platform allows for secure file transfers to be stored
without
being “sent”. Files can be stored in an encrypted format on the device,
on
CD/DVD or USB storage device. The decryption key is never located on the
device or file location. This will ensure that if you should you lose or
have your device stolen; the culprit will not be able to break into your
files. Without the need to ‘send’ files to ensure secure encryption,
secure
file transfers can be made via the Pryvate™ app, resulting in no
limitations
in terms of file size as you would experience with email. The same
method
for encryption is used for decryption and no extra software is required.
The
key material can’t be compromised as it never resides with the encrypted
file.
The file storage component of Pryvate™ also works when you want
to
encrypt a big file and have it delivered to a third party by means of
CD/DVD/USB storage device. The Pryvate™ app will automatically encrypt
your
file and store it in the inbox of the app instead of sending via email.
When
the recipient has the file on their device, they simply click the .pry
message and the app works its magic. File transfers are now made
securely,
privately and protected.
Combine this with disk encryption to have a fully safe and fool-proof
system
of safeguarding privacy and security for confidential or sensitive
information. Whether you keep a stock of private images/videos that
nobody
should know about, or whether you carry around the design plans for a
nuclear fusion reactor… with this system they are always available for
you
and kept from prying eyes.
Pryvate™ Secure File Storage
As part of the secure file transfer process, Pryvate™ secure file storage
can
protect your personal or corporate files utilising secure military grade
encryption. Whether you are storing your files on a device, PC, laptop
or
using a file share programme such as Dropbox or BOX, Pryvate™ will
ensure
that your files are encrypted and safe from any potential hackers,
corporate
espionage or the competition.
Encrypted files are stored without being ‘sent’ as with traditional
email.
The Pryvate™ application allows the encrypted files to be securely
stored on
your device. They can also be stored securely on external devices such
as
CD/DVD’s or USB devices. The decryption key is never located on the
device/location therefore your securely stored files are safe. If your
device should be lost or stolen you can feel confident that your files
cannot be compromised.
Pin Encrypted Mobile Protection
Pryvate™ is a user-friendly APP that once installed, will revolutionise
your
communications!
We have taken steps to secure every aspect of the app and added
best-of-breed security to each element. As voice and video share the
same
root, we have treated them equally in our platform and have also added
secure protection for instant messaging.
With our triple layered secure voice component, users experience quality
voice and video communications, incorporating RSA4096 encryption
intermingled with AES and DH key exchange as a MiM flag.
In addition to this, our secure communications platform also has an
integrated encrypted email component. The component mail is not a mail
client at all, as it only contains the protection mechanism required to
make
your email safe and secure. No unsecured data will ever leave the
device,
but encryption data will be stored separately with Pryvate™. By
separating
the two elements, we have built in an added layer of security. This
results
in no need for users to input additional SMTP/POP3 settings when setting
up
their email client.
Additionally, we have an extra layer of security. To protect access to
our
App there is a PIN that acts as an extra activation code – making
eavesdropping impossible.
Multiple Account Management
It is standard practice in most businesses for employees not to be
allowed to
manage their own email accounts. The installation and activation of all
corporate software is invariably handled by security officers, IT staff
or
line managers. This has the unfortunate consequence that central
departments
often find it difficult to keep track of the state of their network. So,
to
enable greater network transparency we have built a management dashboard
that allows authorised employees to see:
- Which accounts are active
- How many licences are being used or are still available
- The associated costs
This results in greater security for an organisation, as well as better
ease
of use for the HR, IT departments and any other authorised personal.
The activation element of the software makes it user-friendly and easy
to
add new employees to the network. At Pryvate, we can import lists of
employees and activate or deactivate accounts or this can be left to an
HR
department (which usually has the most up-to-date records), IT or
security
officers – depending on a user’s corporate policy.
Multiple Account Management is particularly valuable once more than 50
people are using our software – although many clients with fewer staff
still
use it because of its flexibility, transparency and improved security.
Pryvate™ Encrypted Web Browsing (Coming soon)
Feel confident when sharing personal information or banking online with
Private’s™ proprietary web browser.
Pryvate™ encrypted web browsing offers secure, private web browsing for
you,
your family and the people who work with you through our bespoke web
browser, which has been built with end-to-end implementation of
anti-traffic
analysis measures. Our secure browser will disguise your IP address
which
can often be tracked by criminals to locate your residential address.
From the provision of a basic proxy service, right through to using the
Private™ network with full HD video, you can rest assured that no
individual
relay will ever be able to decipher the complete path that any
particular
data packet has taken. Our secure browser will use random pathways
through
several internet relays to obscure your location and a compromised relay
cannot use traffic analysis to link the connection’s source and
destination.
Pryvate Key Technical Data
Pryvate™ uses ZRTP encryption for both Voice and IM. The subscribers’
handsets negotiate the encryption keys between themselves so the key is
never known to us. A new key is generated for each call or IM session,
enforcing perfect forward secrecy. This means that if an encryption key
is
discovered for a previous call or IM session, any subsequent
communications
are not compromised.
For our secure email transfer and storage solution, the subscriber’s
private
email key is stored on the device and protected by a personal password
which
is never divulged to Pryvate™.
In regions where VoIP calls and IM are blocked by operators or
governments,
the system will automatically detect the situation and utilise the
secure,
encrypted and private network provided by our software.
In regions where anti-blocking technology may be a concern, our software
will present the host with Pryvate’s™ public IP address so that the
remote
host does not detect the subscriber’s actual IP address. This then
prevents
the host from determining the subscriber’s location.
All aspects of security are considered when you use Pryvate™.
Pryvate Backend Services
Pryvate’s™ default method of key management ensures privacy for our
subscribers as neither us nor any associated parties have any access to
the
end user’s private keys. This prevents Pryvate™ or any associated party
from
being a target for any information related to the user’s private keys.
The
voice and IM keys are generated per session by the Pryvate™ application
on
the user’s device and are discarded at the end of the session. The email
application private keys are held on the device.
Pryvate Anti-Blocking
Pryvate™ has developed a VoIP anti-blocking solution for users who wish
to
bypass illegitimate firewall restrictions on 3G networks.
Numerous Countries block voice-over-internet protocol (VoIP) calls as
they
are seen as a:
- Drain on the revenue of their telecommunications companies
- Way of evading the control of governments and their security
services
- Setup statistic collection system for every call made through the
app.
When making a call, a ‘session initiation protocol’ (SIP), is used to
allow
two endpoints to shake hands – then a ‘real-time transport protocol’
(RTP)
carries the traffic. Our system works in real time by ‘tunneling’ the
SIP
and RTP traffic into a single encrypted HTTPS connection, using flexible
virtual tunneling architectures to achieve seamless voice and video
calls.
We utilize a ‘tunnel client library’ that is integrated into the user’s
Apple or Android device and a tunnel server that is deployed inside
Pryvate’s network infrastructure. The tunnel server uses the data of
each
secure connection to recreate the SIP and RTP traffic from the client’s
smartphone.
Its principle is tunneling all SIP and RTP traffic through a single
secure
https connection up to a detunnelizer server. Our solution comprises:
We tunnel all SIP and RTP traffic through a single, secure https
connection
up to a detunneliser server. Our solution comprises:
- A tunnel client library integrated into the Pryvate client for
iPhone or
Android
- A tunnel server is deployed inside our network infrastructure
- The tunnel server re-creates the SIP and RTP traffic from the data
of
each secure connection to the clients
- Our client and server software is optimized to minimize latency
inherent
in TCP encapsulation of VoIP traffic.
It is not just a general purpose VPN.
Pryvate Key Management
Pryvate’s™ front end applications will be supported by a backend
registration
service for voice and instant messaging, user presence and availability
information. Key servers will be established for the email application,
storing and synchronising keys within the PRYVATE / CRIPTYQUE Ltd
network.
Anonymous browsing is achieved through a network of globally distributed
servers that randomly route traffic through the network, between the
user’s
device and the destination internet site, anonymising the source address
on
each hop.
The backend services are supplied by CRIPTYQUE Limited’s server pools,
which
will initially be a single site service that will be expanded to a
globally
distributed service. The global service rollout will have no impact on
the
customer experience as the distribution of traffic to the various
geographical services will be handled through DNS and will require no
changes to the applications.
Initially the DNS services will be supplied through a third party, but
an
internal DNS service will be set up before switching all device traffic
to
the PRYVATE / CRIPTYQUE Ltd network. The decision to switch will be
based
upon the number of customers, the types of service in use and the cost
and
maintenance of a global server network to service the customer base.
