GENERAL DYNAMICS

TalkSECURE™ vIPer™ Phone User’s Guide

“EXPORT CONTROL WARNING – Do not disclose or provide this document or item (including its contents) to non-U.S. Citizens or non-U.S. Permanent Residents, or transmit this document or item (including its contents) outside the United States without the written permission of General Dynamics and required U.S. Government approvals.”

COPYRIGHT © 2007-2009 GENERAL DYNAMICS
ALL RIGHTS RESERVED

Sectéra®, TalkSECURE™, and vIPer™ are registered trademarks of General Dynamics

Table of Contents

1 Welcome (page 1)
  1.1 Safety Information (page 2)
  1.2 Symbols and Fonts Used in this Guide (page 4)
  1.3 Introduction (page 5)
    1.3.1 Phone Features (page 5)
    1.3.2 Voice Over IP (VoIP) Telephony – What You Should Know (page 6)
    1.3.3 Other Documents (page 7)
2 Installation (page 8)
  2.1 Before You Start (page 8)
  2.2 Packing List (page 8)
  2.3 Accessories (page 8)
    2.3.1 PSTN Connect (page 8)
    2.3.2 Push-to-Talk Handset (page 9)
    2.3.3 Headset (page 9)
    2.3.4 Software Update Cable (page 10)
    2.3.5 Additional Items (page 10)
  2.4 Mounting (page 11)
    2.4.1 Desktop (page 11)
    2.4.2 Wall Mounting (page 12)
  2.5 Electrical Connections (page 12)
    2.5.1 Handset and/or Headset (page 12)
    2.5.2 Network and Power (page 13)
3 Getting Acquainted (page 15)
  3.1 The Keypad (page 15)
  3.2 The Display (page 17)
  3.3 Text Entry (page 19)
  3.4 Speakerphone (page 19)
    3.4.1 Getting the Best Performance (page 20)
    3.4.2 External Microphone (page 20)
  3.5 Menu Navigation (page 20)
  3.6 Menu Summary (page 22)
  3.7 Make a Clear Call (page 24)
    3.7.1 Dialing a Call (page 24)
    3.7.2 Answering a Call (page 26)
  3.8 Security Features (page 26)
    3.8.1 Access Control Models (page 26)
    3.8.2 User Management (page 29)
    3.8.3 Key Management (page 30)
    3.8.4 24 Hour Retest (page 33)
    3.8.5 Depot Return Switch (page 34)
4 Advanced Features (page 35)
  4.1 Managing Calls (page 35)
    4.1.1 Multi-Line Capability (page 35)
    4.1.2 Preemption of an Existing Call (page 35)
    4.1.3 Audio Device Selection (page 35)
    4.1.4 Hold (Clear Calls Only) (page 36)
    4.1.5 Mute (page 36)
    4.1.6 Redial (page 37)
  4.2 Secure Calls (page 37)
    4.2.1 SCIP Secure Call Setup (page 38)
    4.2.2 Establishing a Secure Voice Call (page 39)
    4.2.3 Establishing a Secure Data Call (page 41)
    4.2.4 Dial-Up Networking (page 44)
    4.2.5 Secure Call Setup Status Messages (page 46)
    4.2.6 During a Secure Call (page 51)
    4.2.7 Ending a Secure Call (page 53)
  4.3 Voice Mail (page 54)
5 Menus (page 55)
  5.1 Directory Menu (page 55)
    5.1.1 Speed Dial (page 56)
    5.1.2 Personal Contacts (page 57)
    5.1.3 Inbound Calls and Outbound Calls (Call Histories) (page 60)
  5.2 Security Menu (page 62)
    5.2.1 PIN Menu (page 62)
    5.2.2 Zeroize Menu (page 64)
    5.2.3 Key Management Menu (page 66)
    5.2.4 Security Features Menu (page 71)
    5.2.5 Service Menu (page 78)
    5.2.6 Configuration Menu (page 80)
  5.3 Phone Settings Menu (page 83)
    5.3.1 Date and Time (page 83)
    5.3.2 Network Information (page 83)
    5.3.3 Display Settings (page 84)
    5.3.4 Purge Call History (page 85)
6 Controlling the vIPer via the Red Data Port (page 86)
  6.1 Connecting to the Red Data Port (page 86)
  6.2 Modem Operations (page 86)
  6.3 Red Data Port Control Modes (page 87)
    6.3.1 Command Mode (page 88)
    6.3.2 Connecting Mode (page 88)
    6.3.3 Online Mode (page 89)
  6.4 Red Data Port Modem Driver (page 89)
    6.4.1 Installing the Red Data Port Modem Driver (page 89)
    6.4.2 Uninstalling the Red Data Port Modem Driver (page 90)
  6.5 USB Red Data Port Driver Installation and Use (page 91)
    6.5.1 Installing the USB Red Data Port Driver (page 91)
    6.5.2 Creating a Basic HyperTerminal Session (page 92)
    6.5.3 Uninstalling the USB Red Data Port Driver (page 92)
  6.6 AT Command Support (page 92)
    6.6.1 AT Command Message Format (page 92)
    6.6.2 AT Command Strings (page 93)
    6.6.3 AT Command Set (page 93)
7 Updating Network Software (page 103)
8 Updating Security Software (page 104)
9 User Maintenance (page 105)
10 If You Have Problems (page 106)
  10.1 Troubleshooting Guide (page 106)
  10.2 Customer Support (page 115)
  10.3 Returns (page 115)
  10.4 Warranty Terms and Conditions (page 116)
  10.5 Disposal (page 116)
11 General Information (page 117)
  11.1 Applicable Standards (page 117)
    11.1.1 Government Standards (page 117)
    11.1.2 Internet Engineering Task Force (IETF) Standards (page 117)
    11.1.3 International Telephone Union (ITU) Standards (page 117)
    11.1.4 EIA/TIA Standards (page 117)
    11.1.5 Other Standards (page 117)
  11.2 Sectéra Product and Sales Information (page 118)
  11.3 Approvals and Compliance (page 118)
    11.3.1 EMI/EMC (page 118)
    11.3.2 Safety Approvals (page 119)
  11.4 Applicable Patents (page 119)
  11.5 Specifications (page 119)
Index (page 121)

Table of Figures

Figure 1.3-1: vIPer Phone (page 5)
Figure 2.3-1: Push-to-Talk Handset (page 9)
Figure 2.3-2: Headset (page 10)
Figure 2.3-3: Software Update Cable (page 10)
Figure 2.4-1: Tilt Base Assembly (page 11)
Figure 2.5-1: Handset/Headset Connector Location (page 12)
Figure 2.5-2: Phone Connection (page 13)
Figure 2.5-3: Direct LAN Connection (LAN provides PoE) (page 14)
Figure 3.1-1: Functional Key Groupings (page 15)
Figure 3.2-1: Top Level On-Hook Display (page 17)
Figure 3.4-1: Microphone Location (page 20)
Figure 3.5-1: Directory Menu (page 21)
Figure 3.6-1: Menu Structure (page 23)
Figure 3.7-1: On-Hook Dial Display (page 25)
Figure 3.8-1: Group Key Management (page 32)
Figure 4.2-1: Secure Dial-up Networking Architecture (page 45)
Figure 5.1-1: Directory Menu (page 56)
Figure 5.1-2: Personal Contacts (page 57)
Figure 5.1-3: View/Edit Dialog (page 58)
Figure 5.1-4: Call History (page 60)
Figure 5.2-1: View Group Key Display (page 67)
Figure 5.2-2: Load NT1 Keys Menu (page 68)
Figure 5.2-3: Auto Lock Menu (page 73)
Figure 5.2-4: Auto Lock Timeout Dialog (page 74)
Figure 5.2-5: Error Code List (page 79)
Figure 5.3-1: Network Information Display (page 84)

Table of Tables

Table 3.3-1: Key Character Map (page 19)
Table 3.8-1: Access Control Restrictions for Various Models (page 29)
Table 4.2-1: Secure Calls Based on Configurations (page 37)
Table 4.2-2: Secure Call Setup Prompts (page 47)
Table 4.2-3: Secure Call Error Messages (page 49)
Table 5.2-1: Example Access Control Table (page 62)
Table 5.2-2: Lock Security Access Privileges (page 63)
Table 5.2-3: Change PIN Access Privileges (page 63)
Table 5.2-4: Zeroize Keyset Access Privileges (page 64)
Table 5.2-5: Delete User ID Access Privileges (page 65)
Table 5.2-6: View UnivCert Access Privileges (page 66)
Table 5.2-7: View APK Status Access Privileges (page 66)
Table 5.2-8: View Group Key Access Privileges (page 67)
Table 5.2-9: Load NT1 Keys Access Privileges (page 68)
Table 5.2-10: Add User Access Privileges (page 71)
Table 5.2-11: Delete User Access Privileges (page 72)
Table 5.2-12: Auto Lock Access Privileges (page 73)
Table 5.2-13: Application Control Access Privileges (page 74)
Table 5.2-14: Security Level Access Privileges (page 76)
Table 5.2-15: Speakerphone Control Access Privileges (page 76)
Table 5.2-16: Black Computer Port Access Privileges (page 77)
Table 5.2-17: Web Interface Access Privileges (page 77)
Table 5.2-18: CLR Event Buffer Access Privileges (page 78)
Table 5.2-19: Verify Software Access Privileges (page 78)
Table 5.2-20: Configuration Menu Access Privileges (page 80)
Table 6.3-1: Red Data Port Control Modes (page 88)
Table 6.6-1: AT Command Format (page 93)
Table 6.6-2: AT Commands (page 94)
Table 6.6-3: Keypress Codes (page 98)
Table 6.6-4: Set Straps Data Fields (page 99)
Table 6.6-5: AT Command Error Codes (page 102)
Table 10.1-1: Troubleshooting - General Problems (page 106)
Table 10.1-2: Troubleshooting - Menu Access and Use (page 107)
Table 10.1-3: Troubleshooting - Network Issues (page 108)
Table 10.1-4: Troubleshooting - Software Update (Security Software) (page 109)
Table 10.1-5: Troubleshooting - Network Software Upgrade (Code Upgrade) (page 111)
Table 10.1-6: Troubleshooting - Group Key Processing (page 112)
Table 10.1-7: Troubleshooting - Clear Call Processing (page 113)
Table 10.1-8: Troubleshooting - Secure Call Processing (page 114)

1 Welcome

Congratulations on your purchase of your TalkSECURE vIPer Phone. This guide will familiarize you with the capabilities of your vIPer Phone. If you are a Sectéra vIPer user, please refer to the Sectéra vIPer Phone User’s Guide.

NOTE to Sectéra vIPer Phone users: The Sectéra vIPer Phone is a Controlled Cryptographic Item (CCI). It is classified to the level of the key when filled with Type 1 key and the PIN is entered. It is CCI when locked or zeroized. Refer to your COMSEC custodian for handling and shipping instructions.

The vIPer Phones provide secure Voice over Internet Protocol (VoIP) telephony using the latest Secure Communications Interoperability Protocol (SCIP) signaling [1]. In addition, the vIPer Phones provide clear voice using standard protocols defined by governmental and regulatory agencies. They have been tested for interoperability on a wide variety of networks and with various equipment configurations.

The TalkSECURE vIPer Phone provides encryption using Universal Cert (UnivCert) or Automatic Public Key (APK) for encryption keys, and Group Keys for the establishment of User Groups. The Sectéra vIPer Phone provides additional cryptographic capabilities that are discussed in the Sectéra vIPer Phone User’s Guide.

All General Dynamics security products are designed and manufactured to meet General Dynamics' precise specifications and world-class quality standards.
During development, our laboratory testing team performed rigorous durability and compliance tests. We are confident that the vIPer Phone meets your own exacting standards.

Thank you for purchasing the vIPer Phone from General Dynamics, a global leader in secure communications technology. Enjoy your new vIPer Phone!

CONSULT WITH YOUR LOCAL SECURITY AUTHORITY FOR SECURITY PROCEDURES APPLICABLE TO THE CONTROL AND USE OF THE vIPer PHONE.

Export of the vIPer Phone is restricted in accordance with the export regulations of the United States.

[1] SCIP was previously known as Future Narrow Band Digital Terminal (FNBDT).

1.1 Safety Information

Read all of this safety information before using your vIPer Phone.

CAUTION: CONTAINS PARTS AND ASSEMBLIES SUSCEPTIBLE TO DAMAGE BY ELECTROSTATIC DISCHARGE (ESD).

Only use the vIPer power converter that was provided with the phone. Do not use a non-vIPer power converter with the phone. If necessary, contact Sectéra Product and Sales Information (page 118) to obtain a replacement vIPer power converter.

CAUTION - The vIPer Phone contains a lithium battery. While this lithium battery is not intended to be replaced by you, it is important to be aware that the disposal of this lithium battery must be in accordance with local area regulations.

CAUTION - The vIPer Phone contains a lithium battery. While this lithium battery is not intended to be replaced by you, it is important to be aware that the disposal of the lithium battery must be in accordance with local area regulations.

CAUTION – The vIPer Phone has a lithium battery. The user is not intended to replace the battery. It is important, however, that you know that the lithium battery must be disposed of in accordance with local regulations.

WARNING: Lithium batteries contain hazardous and reactive materials. Dispose of in accordance with all proper local, state, and federal regulations.
Do not dispose of in uncontrolled trash. Improper handling or high environmental temperature may result in internally generated heat, fire, explosion, or the release of toxic materials and gases.

NOTICE: This equipment is certified to meet the network protective, operational and safety requirements as prescribed in the appropriate Terminal Equipment Technical Requirements document(s). The Industry Canada certification number is marked on the equipment. This certification does not guarantee the equipment will operate to the user's satisfaction.

Before installing this equipment, users should ensure that it is permissible to be connected to their network infrastructure. The equipment must also be installed using an acceptable method of connection. The customer should be aware that compliance with the above conditions might not prevent degradation of service in some situations.

Repairs to certified equipment should be coordinated by a representative designated by the supplier.

Users should ensure for their own protection that the electrical ground connections of the power utility and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.

CAUTION: Users should not attempt to make such connection themselves, but should contact the electric inspection authority, or electrician, as appropriate.

CAUTION: As with any electrical device, be aware that electrical shock may occur if the phone is used near water or during an electrical storm. There is a risk of explosion associated with use of any electrical equipment near explosive gases.

CAUTION: The vIPer Phone may cease to function during a power outage. You are advised to assess your emergency telecommunication requirements and provide alternate emergency telecommunication equipment if needed.

1.2 Symbols and Fonts Used in this Guide

This guide uses various typefaces and paragraph formats to identify special information of interest to the reader.

Keystrokes that are to be entered on the keypad are shown using the Keystroke Font.

Characters that are shown on the display are shown using the Display Font.

NOTE: This style is used for notations that are of special interest to the reader.

WARNING: This style is used to call attention to items that may adversely affect the operation of the phone or place the user at risk.

TIP: This style is used to convey information that may save you time and effort.

1.3 Introduction

The TalkSECURE vIPer Phone illustrated in Figure 1.3-1 was designed to be a fully featured Internet Protocol based phone that provides you with the highest level of security obtainable. This section describes those features at a high level. Later sections cover each feature in detail.

Figure 1.3-1: vIPer Phone (Front View, Rear View)

1.3.1 Phone Features

The vIPer Phone is equipped with the following features:

• Clear call capability
• Secure call capability
• High quality speakerphone
• Headset support with optional headset
• Voice Mail support
• Hold
• Mute
• Easy to use menus
• Hearing aid compatibility

The actual features provided by the TalkSECURE vIPer Phone may be limited by your network’s capabilities. Not all features described in this guide may work at your installation. If you find a feature that does not work as described, the first step is to contact your Network Administrator and determine if the network has that capability.

1.3.2 Voice Over IP (VoIP) Telephony – What You Should Know

This section is of interest to those new to VoIP. It will help provide some insight into why VoIP is being adopted and why service disruptions may sometimes occur.

Voice over Internet Protocol, or VoIP, has been a growing phenomenon for several years.
Industry and government institutions alike see VoIP as a means to reduce costs. Not only are per-call charges less using VoIP, but the need to maintain only one network can result in significant administrative cost savings.

Wire is cheap – unless you have to run a lot of it. In the early years of telephony, a separate wire or pair of wires was run between each party who wanted to talk to another party. These were dedicated lines that could only be used by one person to call one particular person. As the network grew it became increasingly difficult to run more wire. As a result, the first switching systems were introduced. These systems consisted of a switchboard and an operator. Wires were run from phones to operators’ switchboards, and the operator connected two phone lines together to complete a call. When computers became practical, the operators were replaced by computers but the connections were still largely analog. As digital technology progressed, phone companies began digitizing voice at the switch and time multiplexing many calls onto one high-capacity wire, known as a trunk. Even with these more advanced systems, when a call was established, the parties on the call had a “dedicated line.” The wire between the two phones, and the timeslot on the trunk, was committed to that call as long as the phones remained off-hook.

IP telephony changes that paradigm. With IP telephony there is no such thing as a dedicated circuit that is established between two phones. Instead, voice is digitized at the phone and broken up into bundles called packets. Each packet might carry only 20 milliseconds of voice data. Each packet is sent from one phone to the other individually and each packet might follow a different route. By way of analogy, one could write a letter one sentence at a time, put each sentence in a different envelope, and mail each envelope on a different day.
Depending on which routes are more congested, the post office might route one envelope through San Francisco, another through Denver, and another through Albuquerque. The challenge is for the person receiving the letter to assemble the sentences in the right order. The same is true for IP telephony, but the timescale is much faster. Internet Protocol is the envelope, and the network equipment is the post office.

To assist in delivering the packets at the right time and in the right order, several different VoIP protocols were developed. Different protocols are supported on different networks, and there must be some means for the different networks and protocols to interoperate. The common VoIP protocols are H.323, Session Initiation Protocol (SIP), and Skinny Client Control Protocol (SCCP).

SCCP is the protocol used by your vIPer Phone to establish and maintain clear phone calls. This protocol is supported on Cisco infrastructure and is interoperable with other protocols and the public telephone networks using a device known as a gateway. A gateway is an infrastructure component and not something you need to worry about – there will already be the appropriate gateway on your network to allow you to place clear calls off your network, assuming that is allowed.

Due to the lack of standardization in the Internet Protocol (IP) world, it is difficult for phones on different networks to interoperate. For this reason disparate networks are often interconnected using the one standard telephony interface – the old-fashioned telephone trunk. Thus, when your call is routed outside of your organization’s Wide Area Network (WAN) it is often connected to a telephone network through a gateway.

NOTE: There can be many reasons why a phone might not work, and one of them can certainly be that the phone is broken.
But most likely there is a problem with the infrastructure or the configuration of your phone. If you have trouble placing a call, you should first contact your Network Administrator and verify that there are no network problems and that your phone is configured correctly. Then, if the problem cannot be resolved, call Customer Support (page 115).

1.3.3 Other Documents

The following documents can be found on the CD distributed with your phone.

1.3.3.1 Sectéra and TalkSECURE vIPer Phone Administrator’s Manual

The Sectéra and TalkSECURE vIPer Phone Administrator’s Manual provides information for configuring the vIPer Phone for your network.

1.3.3.2 Sectéra and TalkSECURE vIPer Phone Software Update User’s Manual

The Sectéra and TalkSECURE vIPer Phone Software Update User’s Manual provides instructions on updating the cryptographic software of the vIPer Phone. Due to specific security requirements, the process of updating the cryptographic software is different from that used to update the network processor software. The network software upgrade process is described in detail in the Sectéra and TalkSECURE vIPer Phone Administrator’s Manual. See Updating Network Software (page 103) in this guide for more general information on the network software upgrade process.

1.3.3.3 Group Key Manager Tool User’s Manual

The Group Key Manager Tool is a PC-based tool used to generate and distribute Group Key. Group Key, used properly, limits who can talk to whom. More information on Group Key can be found in Advanced Features (page 35) and in the Group Key Manager Tool User’s Manual.

2 Installation

This section discusses how to connect your TalkSECURE vIPer Phone to your network.

2.1 Before You Start

Before you connect your vIPer Phone to your network you should contact your Network Administrator and determine the following things:

1. Is there a separate, physical, voice network? Some installations may require the phone to be connected to a separate voice network.
If so, do not connect the vIPer Phone to your data network.
2. Does your infrastructure provide Power over Ethernet (PoE)? If so, the Network Administrator may prefer that you not use the power adapter provided with your vIPer Phone, although General Dynamics recommends you use the adapter on all installations.
3. Has your phone already been configured for your network? If not, have your Network Administrator configure your phone.
4. Are there any specific requirements to dial off-network? For example, you may need to dial “9” to obtain an outside line.

Once you have answers to these questions, you are ready to go.

2.2 Packing List

You should have received the following items:
• vIPer Phone
• Two Ethernet cables
• Power over Ethernet adapter
• AC power cord
• Distribution CD
• Handset
• Coiled handset cord
• Tilt base

2.3 Accessories

General Dynamics provides the following accessories that will enhance the usefulness of your vIPer Phone. Contact Sectéra Product and Sales Information (page 118) to purchase any of the accessories discussed below.

2.3.1 PSTN Connect

The PSTN Connect allows for operation on a standard analog phone line instead of an IP network. The PSTN Connect accessory includes a USB cable for connection to the Black Digital Interface (BDI) port and a phone cord for connection to an analog phone line jack. A TalkSECURE vIPer Phone in PSTN mode with an attached PSTN Connect accessory has been approved for connection to telephone networks in the U.S. and Canada.

2.3.2 Push-to-Talk Handset

A push-to-talk (PTT) handset is available for use in high noise environments or for applications with special security requirements. When the PTT switch is released (in its normal position), the audio path from the handset to the phone is disrupted and the vIPer Phone sends audio silence frames over the network. When the PTT switch is depressed, the audio path is completed and normal voice is transmitted over the network.
The PTT switch only affects the outbound audio from your phone, and only the audio from the handset. The PTT switch cannot, for example, be used to mute audio from a headset. The PTT handset is also hearing aid compatible. The handset is shown in Figure 2.3-1.

Figure 2.3-1: Push-to-Talk Handset

For information on how to connect the push-to-talk handset to the TalkSECURE vIPer Phone, see Electrical Connections on page 12.

2.3.3 Headset

A high quality monaural headset, shown in Figure 2.3-2, is available as an accessory. The headset comes with a detachable cord that is designed to separate if you should leave your desk without first unplugging from the phone. When worn, the microphone should be positioned within one-half inch of the wearer’s lips for best performance. Placing the microphone below the lips will reduce popping and breath noise when in use.

For information on how to connect the headset to the TalkSECURE vIPer Phone, see Electrical Connections on page 12.

The headset volume can be adjusted using the volume up/down keys while in a call using the headset. When the headset is in use, calls are initiated and answered by pressing the HEADSET button. Calls are terminated by pressing the HEADSET button a second time. Calls can be transferred between the headset, handset, and speakerphone by either pressing a button or lifting/replacing the handset. The selection of audio devices is covered further in Audio Device Selection (page 35).

Figure 2.3-2: Headset

NOTE: The HEADSET interface of your TalkSECURE vIPer Phone has been optimized for use with the accessory headset provided by General Dynamics. Aftermarket headsets are available that may work with your vIPer Phone, but their operation is not guaranteed.

2.3.4 Software Update Cable

A software update cable is available if you need to update the security software of your phone. Refer to Figure 2.3-3.
Figure 2.3-3: Software Update Cable

NOTE: A standard 9-pin RS-232 serial cable can be used to update your security software. Do not use a null modem cable.

2.3.5 Additional Items

You may order power supplies, power cords, standard handsets, and Ethernet cables by contacting Sectéra Product and Sales Information (page 118).

2.4 Mounting

The vIPer Phone can be placed on a desktop or mounted on a wall.

2.4.1 Desktop

A tilt base is provided for desktop use. The base provides three viewing angles for your convenience. Figure 2.4-1 illustrates the tilt base assembly.

Figure 2.4-1: Tilt Base Assembly (labels: upper attachment clips, keyhole slots, Tilt Bracket, Base Bottom, lower attachment clips)

The Mounting Bracket comes attached to the bottom of the vIPer Phone. It may be removed, if needed, but under normal circumstances should remain attached to the phone.

To attach the Tilt Base assembly to the vIPer Phone, slide the assembly onto the back of the phone such that the lower attachment clips engage the slots in the lower portion of the Mounting Bracket. Then press the Tilt Base assembly against the phone so that the upper attachment clips engage the Mounting Bracket.

To remove the Tilt Base assembly, depress the upper attachment clips while pulling the Tilt Base down and away from the phone.

NOTE: The Tilt Bracket may become disengaged from the Base Bottom during shipping. If this should occur, insert the Tilt Bracket into the Base Bottom from below, lightly squeezing the Tilt Bracket so that the holes at the narrow end of the Tilt Bracket can engage the pins on the Base Bottom at the pivot point, and pivot the Tilt Bracket into position so that it is engaged in the Base Bottom.

2.4.2 Wall Mounting

The Mounting Bracket comes with three keyhole slots to facilitate wall mounting. The slots are positioned such that they will engage the pins on conventional telephone style wall bracket plates, such as ATBK-VoIP from AllenTel (http://www.allentel.com).
Alternately you may screw two number 8 sheet metal screws (not supplied) into the wall to engage the keyhole slots. Only the lower and one of the upper slots need be engaged. Use appropriate wallboard anchors if you are mounting the phone to wallboard.

2.5 Electrical Connections

2.5.1 Handset and/or Headset

Connect your handset to the phone using the coiled handset cord provided in your package. Insert one end of the cord into the connector at the base of the handset. Insert the other end of the cord into the connector labeled “HANDSET” on the left side of the phone as shown in Figure 2.5-1. The handset is hearing aid compatible. You may be required to change a setting on your hearing aid to take advantage of this feature.

Figure 2.5-1: Handset/Headset Connector Location (labels: Connect Handset Here, Connect Headset Here)

If you purchased the optional headset you will notice that the headset comes with a separable cord. Connect the separable cord to the headset by mating the flat connector on the cord with the flat connector on the headset. Connect the other end of the cord to the connector labeled “HEADSET” as shown in Figure 2.5-1. The cord may have an integral switch with positions numbered 1 through 8. If so, set the switch to the number 1 position using a straightened paper clip.

NOTE: The MIC interface on your TalkSECURE vIPer Phone is currently not used.

2.5.2 Network and Power

Depending on your Network Administrator’s recommendations, the vIPer Phone may be connected to a network in one of two ways. The first configuration draws power from the wall plug as long as power is available. If wall power is lost, the phone will then draw power from your Ethernet connection, if it supports the 802.3af Power over Ethernet specification.

Figure 2.5-2: Phone Connection

The other configuration does not use the Power over Ethernet adapter and draws power from your network connection all the time.
General Dynamics does not recommend this configuration, but you should follow the recommendation of your Network Administrator.

Figure 2.5-3: Direct LAN Connection (LAN provides PoE)

WARNING: Be sure you connect your vIPer Phone to the correct network if your facility is equipped with more than one. Connecting to the wrong network could result in undesirable security consequences. At the least, your phone will not work if connected to the wrong network.

WARNING: Be sure you connect the Power over Ethernet adapter into the “LAN” port and not the “PC” port on the back of your vIPer Phone.

3 Getting Acquainted

3.1 The Keypad

Figure 3.1-1 illustrates the functional key groupings of the vIPer Phone.

Figure 3.1-1: Functional Key Groupings (labels: Menu Navigation Keys, Soft keys, Dial pad, Special Function Keys, Flash, Audio Select, Volume, Secure/Mode/Clear)

The phone keys are organized in functional groupings, as follows:
• The Dial pad is used to dial phone numbers and enter information into the phone. Both on-hook and off-hook dialing are supported.
• The FLASH key is used to access additional calls if your network supports this capability. See Managing Calls (page 35) for more information. (The FLASH key is currently non-functional.)
• The Audio Select keys select either the headset or speakerphone as the active audio device. Lifting the handset off its cradle will disable the speakerphone or headset and route audio to the handset.
• The SECURE/CLEAR keys are used to transition to and from secure calls.
• The MODE key on the TalkSECURE vIPer Phone is used during a secure call to transition between Secure Voice and Secure Data modes. For more information, see Performing a Mode Change (page 51).
• The Volume Control keys increase or decrease the volume of the current active audio device. If there is no active call these keys change the ringer volume.
• The MUTE key disables outbound audio, so the party on the other end of the call will not hear anything from your phone, but you can still hear the other party. You can verify that the line is muted on the call appearance status display (see Figure 3.2-1). MUTE has no effect on the ringer.
• The Special Function keys activate special features in your vIPer Phone.
  o DIRECTORY invokes the directory services menu.
  o VOICE MAIL is used to initiate contact with a voice mail server on networks so equipped.
  o HOLD suspends and resumes the call. Both inbound and outbound voice is blocked, but the call remains active until one of the calling parties disconnects the call. HOLD has no effect during secure calls.
  o LINE will be used to manage multiple calls if supported by your network. (LINE is currently non-functional.)
  o CONF will be used to initiate a conference call. (CONF is currently non-functional.)
  o REDIAL dials the last dialed number. Note that if you are using Precedence dialing, Redial will use the same priority as when you originally dialed the number. See Changing the Precedence of Your Call (page 25).
  o SPEED DIAL, followed by a number (0-9), dials one of 10 pre-entered speed dial phone numbers. Pressing SPEED DIAL will bring up a list of the currently stored numbers for easy reference, from which you can choose one by entering a digit (0-9), or by using the scroll and enter menu navigation keys.
• Soft Keys. Your phone is equipped with six context-sensitive soft keys. Initially, they are used to invoke different menus provided by the phone. Their function changes as you navigate the phone’s menu structures. The display is not touch sensitive. To activate these soft keys, you must select the keys located below the display. See Figure 3.1-1.
• Menu Navigation Keys are used to navigate the menus and accept or reject actions.

TIP: You may rapidly page through long lists of data by holding down the up or down navigation keys.
You may also scroll to a specific entry by entering the number associated with that entry (e.g., in a 200 item list, entering “5” “0” will scroll to entry number 50).

3.2 The Display

Initially, your phone will be at the Top Level On-Hook Display, which is illustrated in Figure 3.2-1.

Figure 3.2-1: Top Level On-Hook Display

The first two lines are used by the Secure Call Processor to display status information. They provide important information on the security status of the phone.
• The Trust Indicator identifies the source of the data on your phone’s display. When the inverse video “T” appears in the first column, the Secure Call Processor (SCP) is providing the data; otherwise the data is coming from some other source.
• The PIN Status indicates whether a valid User ID and PIN has been entered and is active. When showing Locked, the phone cannot be used to make secure calls. Unlock the phone by entering a valid User ID and PIN.
• The Speakerphone Status indicates whether use of the speakerphone is allowed or not (not whether the speakerphone is active at the moment). If showing SpkPhone Enabled, the speakerphone may be used in an active call. If showing SpkPhone Disabled, the speakerphone may not be used.
• The Active Audio Device icon identifies the currently active audio device (i.e. handset, headset or speakerphone). This icon is not shown when the Phone is in the idle state.
• The Preferred Mode Status indicates the configured Preferred Security Mode (Voice or Data). In this example, both Secure Voice and Secure Data are enabled, with Secure Voice mode preferred over Secure Data. For more information see Preferred Security Mode (page 82).
• The Mute Status indicates the status of all microphones (handset, headset, and speakerphone). If showing Phone Muted, all microphones (handset, headset, and speakerphone) are disabled. This is normal when the phone is on-hook, and will change to Phone Unmuted as soon as the phone is taken off-hook.
• The Key Status indicates whether keys are loaded. Initially, this area will be blank. Once you have loaded or generated key, it will resemble Figure 3.2-1.
• The Local Phone Number displays the phone number that is assigned to the Phone.
• The Phone Version indicates the release number and version of your vIPer Phone (i.e. PSTN, SCCP (Skinny Client Control Protocol) or SIP). The actual value shown on your phone may differ based on the release number and version of your phone.
• The Soft Keys are context-sensitive software defined keypress labels. Soft keys can be used to invoke menus, for editor functions, and for confirmations (yes/no) depending on where you happen to be in the menu. The soft keys can also be used to start, answer, and end calls depending on the state of the current call.
• The Dial Entry Field shows the digits that have been dialed.
• The Call Status indicates the current status of a call (e.g. IDLE, ACTIVE, HOLD, etc.).
• The Date & Time indicates the current date and time.

WARNING: The inverse video T on the first and second line of your display should always be present if the phone is in operational mode and is functioning properly. If you should notice that the T is missing, something may be wrong with your phone and it should not be used for secure calls until you understand why the T is not present.

The inverse video T, hereafter referred to as the Trust Indicator, will appear on other lines from time to time. This behavior is normal and simply indicates that the Secure Call Processor has taken over those lines to display additional information.

NOTE: The Trust Indicator identifies the source of the data on your phone’s display. When the inverse video “T” appears in the first column, the Secure Call Processor (SCP) is providing the data; otherwise the data is coming from some other source. Information from the SCP can always be trusted, while information from the network processor may not always be trustworthy.
While it should not be possible to hack into the vIPer Phone, understanding how the Trust Indicator works adds another layer of protection. For example, if you should see an indication on the display that your call is secure, but if there is no T in the first column of the line showing that message, then your phone may have been compromised. Please report this to your COMSEC Custodian or Security Administrator, as well as to Customer Support (page 115).

The remaining lines on the display are shared between the menu system and the call appearance status indicators.

NOTE: If a fault occurs in non-trusted subsystems (e.g., “No CCM Available” or “Error <8 digit alphanumeric code> Reboot Phone”), it will be shown on the same line as the local phone number. Record the number, cycle power on the phone (unplug and reconnect the Power Adapter), and if the problem persists call Customer Support.

3.3 Text Entry

The dialpad is used to enter text, such as when entering a name while creating a new Personal Contacts entry. Table 3.3-1 identifies the special characters that are mapped to the numeric dialpad when you enter text. Letters are mapped to the numbers 2 through 9 just like on a regular telephone. Punctuation characters are mapped to 1, *, 0, and #, but these mappings are not printed on the keycaps (footnote 2).

Table 3.3-1: Key Character Map

Key   Character Map
1     1 : ; (one, colon, semicolon)
2     2ABCabc
3     3DEFdef
4     4GHIghi
5     5JKLjkl
6     6MNOmno
7     7PQRSpqrs
8     8TUVtuv
9     9WXYZwxyz
*     * . @ (asterisk, period, 'at' symbol)
0     0 - <space> _ , (zero, hyphen, space, underscore, comma)
#     #

NOTE: When entering numbers or text, you may either rapidly press and release the key or hold down the key to scroll through the available characters.

3.4 Speakerphone

Your vIPer Phone is provided with built-in speakerphone capability. Use of the speakerphone to originate calls is discussed in Make a Clear Call (page 24).

Footnote 2: There is some logic to the punctuation key assignments.
Here is a suggestion that may help you remember: The 1 key special characters are skinny and vertical (: and ;). The * key special characters are round (. and @). The 0 key special characters fill space, but don’t do anything (- space _ ,).

3.4.1 Getting the Best Performance

The internal microphone is optimized for best performance in a high noise environment with a single user. You will get the best performance if you speak directly into the microphone (as opposed to “across” it) located in the lower right-hand corner of the phone. The microphone will be most sensitive if the phone is placed in the most vertical position on an uncluttered table top. This is because the microphone functions as a “boundary microphone” in which it picks up reflections off the table, as well as the direct sound. In the “flat” position, the microphone does not have the ability to capture reflections off the table. Figure 3.4-1 illustrates the location of the internal microphone.

Figure 3.4-1: Microphone Location

If two parties are sharing the speakerphone, the microphone is most effective if you are both in front of the phone speaking directly into it. Alternately, with the phone in the most upright position, a person may be seated to the rear of the phone. Placing persons to either side of the phone is least effective.

3.4.2 External Microphone

The “MIC” connector on the left-hand side of the phone is not available at this time.

3.5 Menu Navigation

Menus are navigated using the navigation keys (scroll up, scroll down, ENTER, and EXIT), the soft keys, and the special function keys.
From the Top Level On-Hook Display, you can invoke the following menus:
• The Security Menu via the Security soft key
• The Phone Settings Menu via the Phone Settings soft key
• The Directory Menu via the DIRECTORY key
• The Speed Dial Menu via the SPEED DIAL key

For example, if you press the DIRECTORY key, you will see the Directory Menu, shown in Figure 3.5-1.

Figure 3.5-1: Directory Menu (the display shows the status lines and the Directory list: 1 Speed Dial, 2 Personal Contacts, 3 Inbound Calls, 4 Outbound Calls)

Menus are implemented as numbered lists. The first item in the list is highlighted with inverse video, and it can be selected by pressing ENTER. You can scroll up or down using the scroll arrows to select a wanted menu item, or alternately you can just press the number associated with the menu item. For example, if you wanted to access the Outbound Call history, you could either:
• Press <scroll down>, <scroll down>, <scroll down>, ENTER; or
• Press 4

TIP: Learn to use the number shortcut keys; they will save you time.

Use the EXIT key to back out of a menu.

NOTE: After a period of inactivity in a menu the TalkSECURE vIPer Phone will revert to the next higher menu. After a similar, second period of inactivity, the vIPer Phone will exit the menu system and show the Top Level On-Hook display. This behavior is normal.

The vertical scroll keys are also used to navigate long lists. Depressing a scroll key momentarily moves the cursor up or down one line. Holding down a scroll key causes the display to scroll one page at a time (approximately 10 lines per page).

3.6 Menu Summary

The menu structure of the TalkSECURE vIPer Phone is shown in Figure 3.6-1. The Sectéra vIPer Phone supports additional security menus. Users of the Sectéra vIPer Phone should consult the Sectéra vIPer Phone User’s Guide for additional menu details.
Each menu function for the TalkSECURE vIPer Phone is discussed in detail in Menus (page 55).

Figure 3.6-1: Menu Structure

3.7 Make a Clear Call

There are many ways to initiate a call, but they are all variations on two themes: off-hook dialing and on-hook dialing. Off-hook dialing is what you do with an ordinary phone. While off-hook dialing is easy and what we are all used to, there are some good reasons to start using on-hook dialing.

The difference between on-hook and off-hook dialing is in the details. The main difference you will see is that you can edit the dial string when you dial on-hook, but you cannot when you dial off-hook. If you enter a wrong digit on-hook you can correct the error without having to hang up.

NOTE: The speakerphone capability of your vIPer Phone may be disabled for security reasons.

3.7.1 Dialing a Call

Clear calls may be dialed either off-hook (like a conventional phone) or on-hook (like a cell phone).

3.7.1.1 Off-Hook Dialing

The steps for off-hook dialing are:
1. Take the phone off-hook by lifting up the handset or momentarily depressing the HEADSET or New Call soft key or SPEAKER key if speakerphone is enabled.
2. Wait for dial tone, then dial the number.
3. Do one of the following to end the call:
   a. Place the handset back on its cradle if you are using the handset.
   b. Momentarily depress the HEADSET key if you are using the headset.
   c. Momentarily depress the SPEAKER key if you are using the speakerphone.
   d. Press the End Call soft key.

3.7.1.2 On-Hook Dialing

The steps for on-hook dialing are:
1. Enter the dial string. When you enter the first digit the top level display changes as shown in Figure 3.7-1. The << and >> scroll arrows, combined with Backspace, permit editing of the dial string.
2. Do one of the following to initiate the call:
   a. Lift the handset for a normal phone conversation.
   b. Press SPEAKER to use the speakerphone capability if speakerphone is enabled.
   c. Press HEADSET to use your headset.
   d. Press the New Call soft key or ENTER. This feature will only work if the speakerphone is enabled for use.
3. Do one of the following to end the call:
   a. Place the handset back on its cradle if you are using the handset.
   b. Momentarily depress the HEADSET key if you are using the headset.
   c. Momentarily depress the SPEAKER key if you are using the speakerphone.
   d. Press the End Call soft key.

Figure 3.7-1: On-Hook Dial Display

3.7.1.3 Changing the Precedence of Your Call

Some networks support precedence dialing. This feature goes under various names, such as MLPP (Multi-Level Precedence and Preemption) and FoFIP. Precedence is the priority associated with a call (e.g. Executive Override, Flash Override, Flash, Immediate, or Priority). Preemption is the process of ending an existing, lower priority call to allow a higher priority call to be accepted.

If your network supports precedence dialing and you are allowed that capability, you can prioritize your call. If your phone is configured for menu precedence dialing, the precedence soft keys will appear. To make a priority call using soft keys, press the Precedence soft key (see Figure 3.7-1). The priorities are:
• EO sends an Executive Override signal (highest priority).
• FO sends a Flash Override signal (second highest priority).
• F sends a Flash signal (third highest priority).
• I sends an Immediate signal (fourth highest priority).
• P sends a Priority signal (fifth highest priority).

Select one of the precedence keys and then dial the phone number. Calls made without any priority are given the lowest priority for a phone line.

If a priority call cannot be connected between parties, you might hear one of the following messages:
• An invalid priority level was requested.
• The priority of the call could not be completed because of multiple priority calls of equal or higher value or unavailability of network resources to connect the call.
• The called party’s phone is busy and does not support MLPP.

Precedence dialing should be used with caution because it has the potential to deny other legitimate users the ability to make calls.

3.7.2 Answering a Call

When your phone rings, you may answer the incoming call in several ways:
• By lifting the phone’s handset,
• By depressing the HEADSET key to use a headset,
• By depressing the SPEAKER key to use the phone’s speakerphone (if the speakerphone is enabled), or
• By pressing the Answer soft key (if the speakerphone is enabled).

If you do not answer an incoming call, the call will be marked with an asterisk in the Inbound Call list. If you are on the phone when a call comes in and your Network Administrator has set up Voicemail, the call will go to Voicemail. If you are on the phone when a precedence call comes in, see Preemption of an Existing Call (page 35).

3.8 Security Features

This section discusses the security features of your TalkSECURE vIPer Phone. Users of the Sectéra vIPer Phone should consult the Sectéra vIPer Phone User’s Guide for a more detailed explanation of the capabilities of their phone.

Your TalkSECURE vIPer Phone adheres to the Secure Communications Interoperability Protocol (SCIP) standard. SCIP is a cryptographic, key agreement, and communication protocol developed by the United States and other governments to provide interoperable secure communications.

3.8.1 Access Control Models

The vIPer Phone contains access control features that restrict operation of the phone’s security features to authorized users only. The Security Administrator is responsible for selecting one of the three local user access control models supported by the vIPer Phone. The three access control models are:
1. Uncontrolled requires no User ID or PIN to access security features.
2. Controlled permits a maximum of three User IDs with PINs, each user having the same privileges and access to security features.
3. Restricted permits a maximum of one Master User ID and PIN and two User IDs with PINs. The Master User has access to some security features that are blocked from the regular users.

NOTE: A PIN is a Personal Identification Number, and works like a password on a computer. You should not give your PIN to other people unless authorized by your Security Administrator.

Table 3.8-1 (page 29) shows access privileges associated with each access control model.

If you invoke the Controlled or Restricted access control models, when you access a feature that requires PIN access you will be prompted to supply your one digit UserID and six digit PIN. You have four opportunities to enter your UserID and PIN correctly. On the fourth consecutive failed attempt your UserID and PIN are deleted. If this is the last UserID, all keys will also be deleted.

NOTE: The number of attempts to enter a PIN is limited to prevent PIN-guessing attacks on the phone.

The different access control models address different needs.
• If you want anyone to be able to use the phone to place secure calls, you should choose the Uncontrolled model by electing not to create User IDs and PINs.
• If you want only specific people to be able to make secure calls and alter the security settings of the phone, choose the Controlled model by creating User IDs and PINs, but not creating a Master User.
• If you want only one person to be able to modify the security settings of the phone, create a Master User.

NOTE: Select a PIN that is easy for you to remember. The vIPer Phone will let you enter any sequence of digits you want for a PIN – the only requirement is that it be six digits long. However, certain PINs are not particularly good if you want to prevent unauthorized people from using your phone. For example:
-- Avoid repeating digits or sequential digits.
-- Do not use part of your phone number, driver’s license number, or other commonly known number.
-- Do not use recognizable patterns, such as 121212.
Check with your Security Administrator for further guidance on PIN selection.

3.8.1.1.1 Uncontrolled Access Control Model

The vIPer Phone’s factory default is the Uncontrolled Access Control Model. The Uncontrolled Access Control Model requires no users to be defined and allows anyone to use and change the general security capability of the phone. The phone’s Locking and Unlocking capability is not active.

3.8.1.1.2 Controlled Access Control Model

The Controlled Access Control Model is established when the first User ID and PIN is created during Generate APK or Add User processing and is not made a Master User. Any subsequent user IDs created will have the same access privileges as the first user.

In the Controlled Access Control Model, you are required to enter your User ID and PIN to unlock the phone to access the security functions: PIN Menu, Key Mgmt Menu, Security Menu, Software Update and secure communication. All users that have a User ID and PIN have the same capabilities relative to the security functionality of the phone. Users that do not have a User ID and PIN have limited access to the phone and limited capabilities (e.g., they will not be able to access the Key Management or Security Features menus, perform a Software Update, or make a secure call).

To create users and associated User IDs and PINs, perform the Add User steps in one of the following sections:
• Add User (page 71)
• Generate APK (page 68)

Following the creation of the first user, the phone is now using the Controlled Access Control Model. Anyone has access to non-security functionality; see Table 3.8-1 (page 29) for more information.

3.8.1.1.3 Restricted Access Control Model

For the Restricted Access Control Model, the first User ID and PIN that is created is made a Master User. Only the Master User can access and/or change the security capability under the Security Menu and perform Software Updates. The Master User always has a User ID of 1.
Users that do not have a Master or User ID and PIN have limited access to the phone and limited capabilities (e.g., they will not be able to access the Key Management or Security Features menus, perform a Software Update, or make a secure call). Any users created after the Master User will be created as User IDs with PINs.

NOTE: The Master User must be the first user created. If a User ID with PIN has already been created, and he has not been designated a Master User, you cannot create a Master User without first deleting all existing Users and key material.

3.8.1.1.4 Capabilities of each Access Control Model

Capabilities attendant with each access control model are identified in Table 3.8-1. The annotations in the table convey the following meaning:
• No PIN – No User ID or PIN is required to access this feature for this access control model. For example, anyone can access clear voice with any access control model.
• User PIN – A User ID and PIN (inclusive of Master User) is required to access this feature for this access control model. For example, any person with a User ID and PIN (inclusive of Master) can access Secure Voice when using either the Controlled or Restricted access control model.
• Master PIN – Only the Master’s User ID and PIN can be used to access this feature for this access control model. For example, only the Master User can access software update when using the Restricted access control model.
• N/A – This feature does not appear with this access control model. For example, the PIN Menu does not appear when using the Uncontrolled access control model.
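The rules of this section written out as a small model: the per-feature requirements of Table 3.8-1, the four-attempt PIN limit, and the PIN shapes the note advises against. This is an added example, not General Dynamics code; the Phone class, the numbering of non-Master User IDs, the handling of unknown User IDs and the weak_pin heuristic are assumptions made for illustration.

```python
"""Added illustration of the vIPer access control rules; not General Dynamics code."""
import hmac
from dataclasses import dataclass, field
from typing import Optional

NO_PIN, USER_PIN, MASTER_PIN, NA = "No PIN", "User PIN", "Master PIN", "N/A"
MODELS = ("Uncontrolled", "Controlled", "Restricted")
MAX_USERS, MAX_PIN_TRIES = 3, 4

# Table 3.8-1, one tuple per feature in MODELS order. The table's "User or
# Master PIN" cells are encoded as USER_PIN, which the guide defines as
# inclusive of the Master User.
OPEN = (NO_PIN, NO_PIN, NO_PIN)
TABLE = {
    "Clear Voice": OPEN,
    "Secure Voice": (NO_PIN, USER_PIN, USER_PIN),
    "Software Update": (NO_PIN, USER_PIN, MASTER_PIN),
    "PIN Menu": (NA, USER_PIN, USER_PIN),
    "Zeroize Menu": OPEN,
    "Key Management Menu": (NO_PIN, USER_PIN, USER_PIN),
    "Security Features Menu": (NO_PIN, USER_PIN, MASTER_PIN),
    "Configuration Menu": OPEN,
    "Service Menu": OPEN,
    "Phone Settings Menu": OPEN,
    "Directory Menu": OPEN,
    "Speed Dial Menu": OPEN,
}


def weak_pin(pin: str) -> bool:
    """Flag the PIN shapes the guide warns against (one interpretation of the note)."""
    digits = [int(c) for c in pin]
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    sequential = steps in ({1}, {9})                               # 123456, 654321
    patterned = any(pin == pin[:n] * (6 // n) for n in (1, 2, 3))  # 777777, 121212
    return sequential or patterned


@dataclass
class Phone:
    pins: dict = field(default_factory=dict)      # User ID -> six-digit PIN
    failures: dict = field(default_factory=dict)  # User ID -> consecutive bad PINs
    restricted: bool = False    # True once a Master User (always ID 1) was created
    keys_loaded: bool = True
    unlocked_as: Optional[int] = None

    @property
    def model(self) -> str:
        if not self.pins:
            return "Uncontrolled"
        return "Restricted" if self.restricted else "Controlled"

    def add_user(self, pin: str, master: bool = False) -> int:
        if len(pin) != 6 or not pin.isdigit():
            raise ValueError("PIN must be exactly six digits")
        if master and self.pins:
            raise ValueError("the Master User must be the first user created")
        # Assumption: IDs are 1..3 and ID 1 stays reserved for the Master User.
        first = 2 if self.restricted else 1
        free = [i for i in range(first, MAX_USERS + 1) if i not in self.pins]
        if not free:
            raise ValueError("user limit reached")
        self.restricted = self.restricted or master
        self.pins[free[0]], self.failures[free[0]] = pin, 0
        return free[0]

    def unlock(self, user_id: int, pin: str) -> bool:
        if user_id not in self.pins:
            return False                    # assumption: unknown IDs are just refused
        if hmac.compare_digest(self.pins[user_id], pin):
            self.failures[user_id] = 0
            self.unlocked_as = user_id
            return True
        self.failures[user_id] += 1
        if self.failures[user_id] >= MAX_PIN_TRIES:   # fourth consecutive failure
            del self.pins[user_id], self.failures[user_id]
            if self.unlocked_as == user_id:
                self.unlocked_as = None
            if not self.pins:               # last User ID: all keys are deleted too
                self.keys_loaded, self.restricted = False, False
        return False

    def can_access(self, feature: str) -> bool:
        need = TABLE[feature][MODELS.index(self.model)]
        if need == NA or (feature == "Secure Voice" and not self.keys_loaded):
            return False                    # secure calls need an encryption key
        if need == NO_PIN:
            return True
        if self.unlocked_as is None:
            return False
        return need == USER_PIN or self.unlocked_as == 1
```

In this model a Master User who is locked out leaves the phone in the Restricted model with nobody able to reach Software Update or the Security Features Menu, and locking out the last remaining user also removes the keys, so secure calls stop working until keys are loaded again.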
Table 3.8-1: Access Control Restrictions for Various Models

Feature / Menu Access    Uncontrolled (No PIN)   Controlled (PINs defined)   Restricted (PINs defined w/Master)
-----------------------  ----------------------  --------------------------  ----------------------------------
Clear Voice              No PIN                  No PIN                      No PIN
Secure Voice             No PIN                  User PIN                    User or Master PIN
Software Update          No PIN                  User PIN                    Master PIN
PIN Menu                 N/A                     User PIN                    User or Master PIN
Zeroize Menu             No PIN                  No PIN                      No PIN
Key Management Menu      No PIN                  User PIN                    User or Master PIN
Security Features Menu   No PIN                  User PIN                    Master PIN
Configuration Menu       No PIN                  No PIN                      No PIN
Service Menu             No PIN                  No PIN                      No PIN
Phone Settings Menu      No PIN                  No PIN                      No PIN
Directory Menu           No PIN                  No PIN                      No PIN
Speed Dial Menu          No PIN                  No PIN                      No PIN

Sometimes a PIN is required to access certain menus, depending on your access control model. If a PIN has already been entered, it will not be asked for again until the Auto Lock timeout expires. The Auto Lock timeout will expire after a period of inactivity. Once it expires, the cryptographic capabilities of the phone are inaccessible until a PIN is entered again. For more information on the Auto Lock timeout, refer to Auto Lock (page 72).

3.8.2 User Management

In the Controlled and Restricted Access Control Models, users may be added or deleted as needed to limit use of the vIPer Phone’s security features.

3.8.2.1 Add Users

Users may be added up to the limit supported by the phone (currently 3, including the Master User). Once User IDs and PINs have been created they should be issued to the responsible persons. See Add User (page 71) to learn how to add users.

3.8.2.2 Delete Users

When a user no longer requires access to the phone his User ID and PIN should be deleted. See Delete User (page 72) to learn how to delete users.

3.8.2.3 Consequences of Deleting the Master User

It is possible, and desirable under some circumstances, to delete the Master User after creating additional User IDs and PINs. By deleting the Master User, the ability to access security critical functions is removed.
This can be a means of preventing unauthorized access to these features.

3.8.3 Key Management

When the vIPer Phone ships from the factory, it does not contain any encryption key material. An encryption key is required for making secure calls. This section describes the types of keys used by the TalkSECURE vIPer. Users of the Sectéra vIPer Phone should consult the Sectéra vIPer Phone User’s Guide for information on additional key types.

The TalkSECURE vIPer Phone uses two types of keys with two distinct purposes:
• Encryption key (required) – used to encrypt the phone conversation
• Group key (optional) – used to define User Groups or Communities of Interest among users who share a common encryption key

3.8.3.1 Encryption Key

The vIPer Phone will need to have an encryption key enabled or generated before a secure call can be established. Two types of encryption key are supported for encrypting phone conversations:
• Universal Certificate (UnivCert) encryption key: Government-defined key used to go secure with General Dynamics and non-General Dynamics terminals. For instructions on enabling the UnivCert encryption key, see Enable UnivCert (page 68).
• Automatic Public Key (APK) encryption key: A General Dynamics proprietary key used to go secure with General Dynamics terminals. For instructions on generating the APK key, refer to Generate APK (page 68). APK is generated by the phone and does not expire. It may be regenerated at any time.

At the beginning of each secure call, a Traffic Encryption Key (TEK) is generated by your phone in cooperation with the phone you are calling. The TEK is only used once for each call; then it is discarded. Information from your UnivCert or APK encryption key, the corresponding encryption key of the phone you are calling, and random data are used to form the TEK, so it is different for every call.
On a phone with both a generated APK and an enabled UnivCert encryption key, the phone gives priority to the UnivCert encryption key when establishing a secure call. Such a phone will only fall back to the APK encryption key if the remote terminal has a generated APK encryption key and does not have an enabled UnivCert encryption key.

NOTE: General Dynamics recommends that the APK encryption key be regenerated periodically based on your security policy.

3.8.3.2 Group Key

The Group Key is used in conjunction with the encryption key and allows you to securely communicate with a controlled group of users. Group Key encrypts only call setup information. The vIPer Phone uses a one-time TEK generated during call setup to encrypt the phone conversation.

There are two types of Group Key:
• UnivCert Group Key – Government defined Group Key associated with the UnivCert encryption key
• APK Group Key – General Dynamics defined Group Key associated with the APK encryption key

A central administrator (usually your Security Administrator) defines who belongs to a group and assigns a Group Key to that group. He loads the Group Key into each phone belonging to a group member. The vIPer Phone can hold any combination of up to ten UnivCert or APK Group Keys to allow participation in multiple groups.

Suppose you have three groups called Management, Sales, and Engineering shown in Figure 3.8-1. Everyone in each group needs to be able to talk to members of his own group. In addition, you want Management to be able to talk to Engineering and Sales, but you do not want Engineering and Sales talking to each other. Each group gets their own Group Key; there is a Sales Key, a Management Key, and an Engineering Key. In addition, Management gets the Sales Key and the Engineering Key. Because Management also has the Sales and Engineering Group Keys, Management can talk securely with those departments.
But since Sales and Engineering do not share a Group Key, they cannot talk securely with each other.

[Figure 3.8-1: Group Key Management. Management holds the Mgt Key, Sales Key and Eng Key; Sales holds the Sales Key; Engineering holds the Eng Key.]

When you place a secure call the phone will automatically select a compatible Group Key to speak with the other party; you do not have to select a key. If you do not have a matching key, and all of the Mandatory Exclusion Flags for your keys are set True to deny traffic, you will not be able to speak with the other party. However, if your phone has one of its Group Key Mandatory Exclusion Flags set to False, you will be able to talk securely to a party outside the group by performing a Secure Downgrade to APK.

Group Key is generated and loaded into the phone either by using the Group Key Manager Tool or by manually entering it via the dialpad. The Group Key Manager Tool is a PC based application that is provided on your distribution CD and can also be obtained by contacting Customer Support (page 115).

General Dynamics recommends using the Group Key Manager Tool to generate and load Group Key into your phone. The Group Key Manager Tool generates the Group Key and makes it easy to load the same Group Key into several phones. For more information on developing and loading Group Key, refer to the Group Key Manager Tool User’s Manual, included on your distribution CD. For information on loading Group Key, see Load Group Key (page 69).

NOTE: General Dynamics recommends that once the vIPer Phone has a Group Key loaded, the user should create User PINs to control access to the vIPer Phone. Without a User PIN, anyone can access and use your vIPer Phone and Group Key. Refer to User Management (page 29) and Access Control (page 26).

3.8.3.3 Zeroize

The Zeroize function removes key material from your vIPer Phone.
Zeroize is used primarily if you want to load a new key into the phone, if you fear your APK key or Group Keys have been compromised, or if you fear your phone is about to be compromised (e.g. stolen or tampered with).

TIP: It is good security practice to zeroize and regenerate your APK key occasionally. If you are using Group Key, it is also a good idea to generate and distribute new Group Keys periodically. Your Security Administrator can tell you what your organization’s policy is regarding key regeneration and distribution.

3.8.4 24 Hour Retest

Your vIPer Phone includes the capability to test its cryptographic components periodically. The 24 hour retest feature works as follows:
1. Approximately 24 hours after the last power up or retest, the phone checks if there is an on-going call. If there is no call, the phone resets itself, which causes it to go through its built-in tests.
2. If there is an on-going call, the phone waits for the call to end.
3. After the call ends, the phone waits an additional ten seconds. If no call is initiated in that time, the phone resets.
4. If a new call is initiated before ten seconds expires, the phone repeats this process from step 2.

Each time the phone resets it goes through a full suite of security self-tests. Other critical subsystems are tested as well.

If your computer is connected to the 10/100 PC Port on the back of the phone when the System Retest occurs, the programs currently running on your computer may be affected. This would be the same as disconnecting and reconnecting your computer from the Ethernet connection. Some programs will need to be restarted, while other programs, such as Microsoft Outlook, will reconnect after a short period of time. General Dynamics recommends the following solutions:
1. To reduce the operational impact of System Retest, cycle power on the phone during off hours so that System Retest also occurs during off hours or use a separate LAN drop for your computer.
2. When a System Retest occurs, if your computer loses connectivity and does not automatically re-connect to the network, select Start >> Run and type ipconfig /release <enter>, then select Start >> Run and type ipconfig /renew <enter> on your computer.

If any subsystem reports a failure, the phone will reset again and attempt to clear the error. If the error cannot be cleared after four attempts, the phone reports the error on the display and waits for a user response. General Dynamics recommends that you note the error code and contact your COMSEC Custodian or Security Administrator if you should ever see an error display.

3.8.5 Depot Return Switch

The Depot Return switch clears all key material from the phone and renders the phone incapable of cryptographic processing when depressed and held for two seconds. It is labeled “DEPOT RTN” and located under the base of the phone.

WARNING: The Depot Return switch operates whether the phone is powered or not and is intended to be used when preparing the phone for return to General Dynamics C4 Systems for repair. The phone must be returned to restore cryptographic capability once the switch is depressed.

The Depot Return switch may be used as a zeroize switch in emergency situations as long as the user is aware that the phone is no longer capable of secure calls until serviced by General Dynamics C4 Systems. Refer to Section 10.3, Returns, (page 115) for more information.

4 Advanced Features

This section describes features provided by your phone and/or network infrastructure. It should be noted that some features, such as voice mail, depend on network support and will not function if your network does not provide these capabilities.

4.1 Managing Calls

This section provides information on what can be done while in a call.

NOTE: In addition to the features described here, three-way conferencing and call transfer are planned for a future release.
A software upgrade will be provided when these features are available.

4.1.1 Multi-Line Capability

NOTE: Multi-line capability is planned for a future release. The LINE and CONF buttons are reserved for future use and have no effect on your phone. A software upgrade will be provided when these features are available.

4.1.2 Preemption of an Existing Call

Your network may support call preemption. If so, and your clear voice call is preempted, you will hear a preemption tone and your current call’s channel will be torn down immediately (you will have no voice). If a Secure call (Voice or Data) is preempted, the call will be terminated but you will not hear a preemption tone. You must place the phone on-hook at which time, if you are the person who is being called, your phone will ring and you may answer. See Changing the Precedence of Your Call (page 25) for information on how to make a precedence call.

4.1.3 Audio Device Selection

Your TalkSECURE vIPer Phone is equipped with three audio devices, or ports – a handset, a headset (optional), and a speakerphone. As you have already seen, you can use any of them to initiate a voice call. You can also switch between them during a voice call (audio devices are inactive during a Secure Data call). The switching during a voice call works as follows:
• If you are using the handset and press SPEAKER or HEADSET, the speakerphone or headset will become active. You can then place the handset on the cradle.
• If you are using the speakerphone or headset and lift the handset off the cradle, the handset becomes active.
• If you are using the speakerphone and press HEADSET, the headset becomes active.
• If you are using the headset and press SPEAKER, the speakerphone becomes active.

The Master User of your phone may elect to disable speakerphone capability if your phone is used in certain environments. If so, the SPEAKER key has no effect.
The top line on the display shows an icon indicating which audio device is active. No icon is displayed if all audio devices are inactive. For more information on speakerphone, see Speakerphone (page 19). For more information on the Master User capabilities, see Security Features (page 26).

4.1.4 Hold (Clear Calls Only)

You can place a clear call on hold at any time by pressing HOLD. Press HOLD again to reactivate the call. HOLD has no effect while in a secure call. If you need to place the secure caller on hold, you must first go clear.

When a call is on hold, the word Hold will appear on the call status line and the words Phone Muted will be shown on the top line of the display with the “T” Trust Indicator in the left-most column. The phone will not send audio to or receive audio from the caller on hold, thus limiting the bandwidth consumed by the call.

4.1.5 Mute

Press MUTE to mute outbound audio for the currently active voice (clear or secure) call. Press MUTE again to restore outbound audio. When the phone is muted it doesn’t send out any audio, but may still receive audio from the other phone (if it is a voice session), and will therefore continue to consume some network bandwidth. The caller at the far end will hear nothing, but you will still be able to hear him.

Mute works during both clear and secure voice calls. This is important to remember since the transition between clear and secure voice calls will maintain the current mute state of the phone. The MUTE key has no effect on the transmission of data during a Secure Data session.

NOTE: The MUTE key may be used during a Secure Data session to enable/disable the mute setting (for voice mode only) of the vIPer. The current mute setting (enabled/disabled) will be utilized when the vIPer returns to voice mode.

When outbound audio is muted, the words Phone Muted will be shown on the top line of the display with the “T” Trust Indicator in the left-most column. When outbound audio is being sent (i.e. not muted), the words Phone Unmuted will be shown on the top line of the display with the “T” Trust Indicator in the left-most column. Outbound audio is always muted when the phone is idle.

4.1.6 Redial

You can quickly redial the last dialed number by pressing REDIAL. The redial buffer remembers the last dialed call, including precedence information (see Changing the Precedence of Your Call (page 25)). Thus, if you dialed a number with high precedence, when you use Redial, the new call will be dialed with the same precedence.

4.2 Secure Calls

This section guides you through the process of making and terminating secure calls. Before you can do so, however, your vIPer Phone needs to be loaded with key material. Refer to Load NT1 Keys (page 67) for further information. Users of the Sectéra vIPer Phone should consult the Sectéra vIPer Phone User’s Guide for further information on key fill.

The vIPer Phone supports two types of secure calls: Secure Voice and Secure Data. The type of secure call that is established is dependent on how the secure call is initiated and on the configuration of the local and remote devices as shown in Table 4.2-1.

                                  Remote SCIP Device Configuration
Local SCIP Device Configuration   Secure Voice Only   Secure Data Only    Secure Voice & Data
-------------------------------   -----------------   -----------------   -------------------------------
Secure Voice Only                 Secure Voice        Secure Call Fails   Secure Voice
Secure Data Only                  Secure Call Fails   Secure Data         Secure Data
Secure Voice & Data               Secure Voice        Secure Data         Secure Voice OR Secure Data [1]

[1] How the secure call was initiated or answered, together with the vIPer Phone’s and remote device’s settings, determines whether Secure Voice or Secure Data is established.

Table 4.2-1: Secure Calls Based on Configurations

4.2.1 SCIP Secure Call Setup

The SCIP (Secure Communications Interoperability Protocol) specification defines the required signaling and exchange of data between two SCIP devices necessary to establish a secure SCIP session.
In all SCIP secure session negotiations, there is a SCIP initiator and a SCIP responder. To initiate a secure session, the SCIP initiator sends a signal to the remote device to notify it that a secure session is being initiated. When the remote device receives this signal, it enters the SCIP responder mode and waits for the initiating SCIP device to send the first SCIP session negotiation packet. During the SCIP session negotiation, both devices indicate what their capabilities and preferences are for the secure session (including voice/data modes). If the SCIP devices support mutual secure session capabilities, then the SCIP secure session is established at the most secure encryption capabilities common to the two devices. If there are no shared capabilities between the two devices, then the SCIP secure session establishment will fail.

Depending upon the device at the other end of your call and network conditions, the vIPer Phone can complete a clear to secure transition in 2 to 30 seconds. There are three indications that a secure session has been successfully established:
• A solid blue light under the SECURE key,
• A voice prompt indicating “Line is secure,” and
• A security level display with a “T” Trust Indicator in the first column of the lines displaying security data.

There may be additional information, but absence of any of the three indications cited above suggests your phone has been compromised and should not be used for secure calls.

The common ways to start Secure Voice and Secure Data calls are discussed in the following sections. To transition between Secure Voice and Secure Data modes during a secure call, see Performing a Mode Change (page 51).

TIP: Prior to placing a secure call, enter your User ID and PIN, if one has been created.

TIP: Prior to initiating secure call setup, verify the remote device’s security access control has been satisfied or else secure call setup will fail.

TIP: Only one person should initiate the secure call setup.
Prior to going secure, discuss with your remote party who is to initiate going secure. If both parties attempt to initiate going secure, the secure call setup may fail.

4.2.2 Establishing a Secure Voice Call

In order for a Secure Voice call to be supported on your vIPer Phone, Secure Voice mode must be configured as enabled and at least one key must be loaded (i.e. APK or UnivCert). For more information on enabling Secure Voice and Secure Data modes, see Secure Application Control (page 74).

NOTE: If Secure Data mode is enabled and the DTR line on the Red Data Port is asserted (or Data Port Mode is set to Ignore), and the Preferred Security Mode is configured to be Secure Data, a Secure Data call may be placed instead of a Secure Voice call. For more information on Red Data Port functionality, see Controlling the vIPer via the Red Data Port (page 86). For more information on configuring the Preferred Security Mode, see Preferred Security Mode (page 82).

4.2.2.1 Transitioning from a Clear Voice Call to a Secure Voice Call

If you are already in a clear call, Secure Voice is enabled (for more information on enabling Secure Voice mode, see Secure Application Control (page 74)) and Secure Voice is configured as the Preferred Security Mode (see Preferred Security Mode (page 82)), you may transition to a Secure Voice call by pressing the SECURE key. The vIPer Phone will initiate a secure session (Secure Voice mode preferred) with the remote SCIP device.

NOTE: Only one of the parties should initiate the transition to a secure session by pressing the SECURE key; the other device must correctly respond to the messaging sent out by the secure initiator. If both parties press the SECURE key (i.e. both parties are SECURE initiators), the Secure session may fail.

When the SECURE key is pressed the vIPer Phone will begin secure call setup processing. Refer to Secure Call Setup (page 46) for more details.
If the secure call fails, refer to Secure Call Setup Failures (page 48) to resolve the error and try again.

NOTE: The amount of time it takes to go secure may vary, but is generally 2 to 30 seconds.

Voice traffic in both directions is muted while the call is going secure. Once the call is secure you can resume your conversation. Also, you will notice some data on the display that indicates your call is secure. You will see Secure Voice displayed on the left side and the security level displayed on the right side of the Secure Processor Status Line (see Figure 3.2-1). You should also see the “T” Trust Indicator in the left-most column.

WARNING: If you see a message on the display that indicates you are in a secure call, but the “T” (Trust Indicator) is not present in the first column of the line displaying this data, YOUR CALL IS NOT SECURE and you should not discuss any sensitive information. You should report this problem to your COMSEC Custodian or Security Administrator, as well as to Customer Support (page 115).

4.2.2.2 Automatic Transition to Secure Voice

If Automatic Secure Voice (ASEC) is enabled, the vIPer Phone will automatically attempt to transition to a Secure Voice call when an incoming call is answered. See Secure Application Control (page 74) for information on configuring ASEC. If a Secure Voice call cannot be established with the remote device, you will be prompted to either terminate the call or allow the call to revert to a clear call.

4.2.2.3 Establishing an Exclusive Secure Voice Call

If Secure Data is disabled or the DTR line on the Red Data Port is not asserted and Data Port Mode is not configured to Ignore (see Data Port Mode (page 81) for more information), you may establish an exclusive Secure Voice call (i.e. clear voice and Secure Data will not be supported) by entering the phone number via on-hook dialing (see On-Hook Dialing on page 24) and initiating the call by pressing the SECURE key.
When the SECURE key is pressed the speakerphone will automatically become active (if it is enabled) and the vIPer Phone will initiate a call using the entered dial string.

NOTE: The speakerphone must be enabled in order to place an Exclusive Secure Voice Call.

After a connection is established with the remote SCIP device, the vIPer Phone will wait for the remote device to initiate the necessary signaling to transition to a Secure Call (clear voice will not be possible). If the remote device does not initiate the necessary signaling (i.e. become the Secure Initiator), the Secure Voice call will timeout and fail.

NOTE: If Secure Data mode is enabled and the DTR line on the Red Data Port is asserted (or Data Port Mode is set to Ignore), a Secure Data call may be established instead of a Secure Voice call. For more information on Red Data Port functionality, see Controlling the vIPer via the Red Data Port (page 86).

When answering an incoming call you may transition directly to a Secure Voice call by pressing the SECURE key to answer the call. The vIPer Phone will answer the call, automatically activate the SpeakerPhone (if it is enabled) and initiate the transition to Secure Voice (i.e. become the Secure Initiator). Clear voice communications will not be possible. If a Secure Voice call cannot be established between the two devices, the call will be terminated.

4.2.2.4 Transitioning to a Secure Data Call from a Secure Voice Call

You may be able to transition from a Secure Voice call to a Secure Data call by changing the Mode of the call. See Performing a Mode Change (page 51) for more information on changing the mode of a secure call.

4.2.3 Establishing a Secure Data Call

In order for a Secure Data call to be supported on your vIPer Phone, Secure Data mode must be configured as enabled (see Secure Application Control (page 74) for more information on how to enable Secure Data), at least one key must be loaded (i.e. APK or UnivCert), and the DTR line on the Red Data Port must be asserted or the Data Port Mode configured to Ignore DTR. For more information on configuring the Data Port Mode see Data Port Mode (page 81).

NOTE: The vIPer provides both a USB and a RS-232 Red Data Port (RDP) to support Secure Data functionality. The two external ports are wired such that only one port may be active at any one time. If both ports are simultaneously connected to active devices, the USB interface takes precedence over the RS-232 interface. See Controlling the vIPer via the Red Data Port (page 86) for more information on Red Data Port operations.

A Secure Data call may be initiated by a device connected to the Red Data Port by the use of AT commands. For more information see Controlling the vIPer via the Red Data Port (page 86). A host computer may set up a Secure Data call for a secure Dial-up Networking session or terminal emulator software (e.g., HyperTerminal™) may be used to establish a Secure Data session. Consult the program manual for your Host Computer’s terminal emulation application for details on how to create scripts and transmit AT Commands to the TalkSECURE vIPer Phone.

NOTE: The vIPer Phone Modem Driver is needed to control the vIPer Phone when connecting to automatic software such as Windows Dial-up Networking. The vIPer Phone Modem Driver software is included on the CD-ROM that is shipped with the vIPer Phone. For more information on installing the vIPer Phone Modem Driver, see Red Data Port Modem Driver (page 89).

4.2.3.1 Transitioning from a Clear Voice Call to a Secure Data Call

If you are already in a clear call and Secure Data is enabled (for more information on how to enable/disable Secure Data, see Secure Application Control (page 74)), you may transition to a Secure Data call by the following methods:
• Pressing the SECURE key when the Preferred Security Mode is configured to be Secure Data. The vIPer Phone will initiate a secure session (Secure Data preferred) with the remote SCIP device.
• Entering an ATA command through the Red Data Port. The vIPer Phone will initiate a Secure Data session with the remote SCIP device. For more information on entering AT commands, see Controlling the vIPer via the Red Data Port (page 86).
• Entering an ATD command through the Red Data Port. The vIPer Phone will prepare to respond to a Secure Data session initiated by the remote SCIP device (i.e. the vIPer Phone will enter the Secure Responder mode). For more information on entering AT commands, see Controlling the vIPer via the Red Data Port (page 86).

NOTE: If the SECURE key is pressed and the Preferred Security Mode is configured to be Secure Voice and Secure Voice mode is enabled, a Secure Voice call may be placed instead of a Secure Data call.

NOTE: Only one of the parties should initiate the transition to a secure session by pressing the SECURE key or by entering the ATA Command on the Red Data Port; the other SCIP device must correctly respond to the messaging sent out by the secure initiator. If both parties initiate the transition to a Secure Call, the Secure Call may fail. For more information on Secure Call establishment, see SCIP Secure Call Setup (page 38).

When the SECURE key is pressed or the ATA command is entered on the RDP, the vIPer Phone will begin secure call setup processing. Refer to Secure Call Setup (page 46), for more details. If the secure call fails, refer to Secure Call Setup Failures (page 48) to resolve the error and try again.

NOTE: The amount of time it takes to go secure may vary, but is generally 2 to 30 seconds.

Voice traffic is muted while establishing and during a Secure Data call. Once the Secure Data connection is in place, the vIPer Phone will output “CONNECT <line speed>” to the Host Computer and assert the Data Port signal Data Carrier Detect (DCD).
If the vIPer Phone fails to establish a Secure Data call, it will output “NO CARRIER” and the Data Port signal DCD will remain de-asserted. Advanced Features 42 Also, you will notice some data on the display that indicates your call is secure. You will see Secure Data displayed on the left side and the security level displayed on the right side of the Secure Processor Status Line (see Figure 3.2-1). You should also see the “T” Trust Indicator in the left-most column. WARNING: If you see a message on the display that indicates you are in a secure call, but the “T” (Trust Indicator) is not present in the first column of the line displaying this data, YOUR CALL IS NOT SECURE and you should not transfer any sensitive data. You should report this problem to your COMSEC Custodian or Security Administrator, as well as to Customer Support (page 115). 4.2.3.2 Automatic Answer and Transition to Secure Data Call If Automatic Answer Secure Data (AANS) is enabled, after the configured number of rings the vIPer Phone will automatically answer an incoming call and attempt to establish an exclusive Secure Data call (i.e. Clear/Secure Voice will not be possible). For more information on configuring AANS, see Secure Application Control – Secure Data (page 75). If a Secure Data call cannot be established with the remote device, the call will fail. NOTE: If the configured number of rings is too large, the calling device may timeout before the call is answered. If this happens, reduce the configured number of rings. 4.2.3.3 Placing an Exclusive Secure Data Call via the SECURE Key If Secure Data is enabled and the DTR line on the Red Data Port is asserted (or Data Port Mode is not set to Ignore, see Data Port Mode (page 81) for more information on configuring the Data Port Mode), you may restrict a call to exclusively support Secure Data (i.e. 
Clear/Secure Voice will not be possible) by entering the phone number via onhook dialing (see On-Hook Dialing (page 24)) and initiating the call by pressing the SECURE key. When the SECURE key is pressed the vIPer Phone will initiate a call using the entered dial string. After a connection is successfully established with the remote SCIP device, the vIPer Phone will wait for the remote device to initiate the necessary SCIP signaling to transition to a Secure Call. If the remote device does not initiate the necessary signaling (i.e. become the Secure Initiator), the Secure Data call will timeout and fail. When answering an incoming call you may transition directly to an exclusive Secure Data call by pressing the SECURE key to answer the call (i.e. without activating the handset, speakerphone or headset). The vIPer Phone will answer the call and automatically initiate the transition to Secure Data (i.e. become the Secure Initiator). If a Secure Data call cannot be established between the two devices, the call will fail. Advanced Features 43 NOTE: If Secure Voice mode is enabled and there is an active audio device (i.e. handset, headset or speakerphone) when the SECURE key is pressed, a Secure Voice call may be established instead of a Secure Data call. 4.2.3.4 Placing an Exclusive Secure Data Call via AT Commands You may place a call that supports Secure Data exclusively (i.e. Clear/Secure Voice will not be possible) by dialing via an ATD command entered through the Red Data Port (RDP) while the vIPer is in the on-hook state. For more information see Controlling the vIPer via the Red Data Port (page 86). When the ATD command is received, the vIPer will go off-hook and initiate a call to the remote device using the entered dial string. After a connection is successfully established to the remote SCIP device, the vIPer Phone will enter the Secure Responder state and wait for the remote device to initiate the necessary SCIP signaling to transition to a Secure Call. 
If the remote device does not initiate the necessary signaling (i.e. become the Secure Initiator), the Secure Data call will timeout and fail. NOTE: The vIPer considers ATD dial commands received on the Red Data Port to be Secure Data calls unless the vIPer is already in secure mode (voice or data), in which case the dial string is treated as Secure Dial digits. For more information, see Secure Dial ( page 52). NOTE: When AT commands are utilized to establish a secure session, Secure Data mode is offered as the preferred security mode, regardless of the configured Preferred Security Mode (i.e. voice or data) setting. NOTE: Any input on the Red Data Port during secure session establishment (i.e. after the ATD or ATA command, but before the session is in place) will be considered an on-hook event and will result in the termination of the secure session. 4.2.3.5 Transitioning from a Secure Data Call to a Secure Voice Call You may be able to transition from a Secure Data call to a Secure Voice call by changing the Mode of the call. For more information, see Performing a Mode Change (page 51). 4.2.4 Dial-Up Networking You may use your vIPer Phone to secure a dial-up networking session between a client PC connected to the Red Data Port (RDP) of the vIPer and a remote network. A dial-up network architecture is shown in Figure 4.2-1. A bank of TalkSECURE Wireline Advanced Features 44 Terminals (SWTs) is located between the Gateway and the Access Server. When the Switch receives an incoming call, it routes the call to an idle SWT. The SWT answers the call and begins the establishment of a Secure Data session with the vIPer Phone. When a secure link is established, the Access Server and the Client PC are notified and then begin a login session that, if successful, will allow the Client PC to gain access to the protected network. 
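The host-side sequence described in 4.2.3.1 and 4.2.3.4, as an added example that is not code from this guide or from General Dynamics: a client dials with ATD, writes nothing to the Red Data Port while the secure session is being set up, and releases data only after “CONNECT <line speed>” arrives with DCD asserted. The names FakeRedDataPort and SecureDataSession, the carriage-return command terminator, the echo handling and the dial-string character set are assumptions of the example, and the port object is a constructed stand-in for a real serial link.

```python
import re
from dataclasses import dataclass, field

CONNECT_RE = re.compile(r"CONNECT\s+(\d+)")   # "CONNECT <line speed>"
DIAL_RE = re.compile(r"[0-9A-D]+")            # digits plus A-D precedence (assumed set)


class SecureDataError(Exception):
    """The secure session is not confirmed; the caller must not send data."""


@dataclass
class FakeRedDataPort:
    """Constructed stand-in for the serial link to the phone (not a real driver).

    Models two behaviours from the guide: the final result is either
    'CONNECT <line speed>' with DCD asserted or 'NO CARRIER' with DCD left
    de-asserted, and any input received during secure setup ends the session.
    """
    result: str                       # constructed final result line
    assert_dcd_on_connect: bool = True
    dcd: bool = False
    in_setup: bool = False
    written: list = field(default_factory=list)

    def write(self, data: bytes) -> None:
        self.written.append(data)
        if self.in_setup:             # stray input during setup tears the session down
            self.result = "NO CARRIER"
        elif data.upper().startswith(b"ATD"):
            self.in_setup = True

    def readline(self) -> bytes:
        if not self.in_setup:
            return b""                # nothing pending: behaves like a read timeout
        self.in_setup = False
        if self.result.startswith("CONNECT") and self.assert_dcd_on_connect:
            self.dcd = True
        return (self.result + "\r\n").encode("ascii")


class SecureDataSession:
    """Fail-closed gate: data leaves the host only after CONNECT and DCD are both seen."""

    def __init__(self, port, max_reads: int = 8):
        self.port = port
        self.max_reads = max_reads
        self.connected = False
        self.line_speed = None

    def dial(self, dial_string: str) -> int:
        # Reject anything (CR, LF, extra commands) that could reach the port as
        # additional input while the session is being established.
        if not DIAL_RE.fullmatch(dial_string):
            raise ValueError("dial string contains characters outside 0-9 and A-D")
        self.port.write(f"ATD{dial_string}\r".encode("ascii"))  # "\r" terminator assumed
        # From here until a final result arrives, write nothing to the port.
        for _ in range(self.max_reads):
            line = self.port.readline().decode("ascii", "replace").strip()
            if not line or line.upper().startswith("AT"):
                continue              # read timeout, blank line, or command echo (assumed)
            if line == "NO CARRIER":
                raise SecureDataError("secure data call failed: NO CARRIER")
            match = CONNECT_RE.fullmatch(line)
            if match is None:
                raise SecureDataError(f"unexpected result during setup: {line!r}")
            if not self.port.dcd:
                raise SecureDataError("CONNECT seen but DCD is not asserted")
            self.connected = True
            self.line_speed = int(match.group(1))
            return self.line_speed
        raise SecureDataError("no result from the phone within the read budget")

    def send(self, payload: bytes) -> None:
        # DCD is re-checked on every send so a dropped session stops the transfer.
        if not (self.connected and self.port.dcd):
            raise SecureDataError("refusing to send: secure data session not confirmed")
        self.port.write(payload)


if __name__ == "__main__":
    session = SecureDataSession(FakeRedDataPort("CONNECT 9600"))  # constructed result
    print("line speed:", session.dial("5551234"))
    session.send(b"constructed sample payload")
    print("bytes written to port:", session.port.written)
```

The host cannot read the phone's display, so the “T” Trust Indicator check in the WARNING above remains an operator step that this gate does not replace.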
Figure 4.2-1: Secure Dial-up Networking Architecture
[Figure labels: Client PC, DATA Port, Ethernet Port, TalkSECURE vIPer Phone, Internet, Gateway, Switch (Note 1), Analog LINE Port, Bank of TalkSECURE Wireline Terminals, DATA Port, Access Server, Protected Network.]
Note 1: The Switch may be multiple phone lines with a phone number for each line.

In order for a Dial-Up Networking application running on a Client PC to automatically control the vIPer Phone through the Red Data Port (RDP) of the vIPer, the vIPer modem driver must be installed on the Client PC. This modem driver provides modem control information to the operating system and to the application that uses the modem driver. The modem driver file for the vIPer Phone is included on the vIPer distribution CD. For directions on installing the vIPer modem driver, see Installing the Red Data Port Modem Driver (page 89). For more information on controlling the vIPer via the Red Data Port, see Controlling the vIPer via the Red Data Port (page 86).

NOTE: The details of setting up the Windows operating system and applications after installing the vIPer Phone Modem Driver are not covered here. Refer to your Microsoft® Windows and application documentation and help files for more information.

NOTE: The modem driver and vIPer Phone can only be used on the Dial-up Networking client end.

TIP: Prior to going secure with the remote Access Server, make sure that your Host Computer settings (e.g., Routing and Remote Access, parity, data rate, flow control) are compatible with the vIPer Phone. Note that the vIPer Phone only supports Hardware Flow Control, 8 bit data, 1 stop bit, and no parity. See Data Port Rate on page 81 for information on setting the data rate of the vIPer Phone.

After a secure session is in place, the vIPer Phone will notify the Client PC by sending a CONNECT message with the established data rate to the Red Data Port. When the Client PC sees that the connection has been established, it will proceed with Dial-up Networking normally from that point.

4.2.5 Secure Call Setup Status Messages

During secure call setup, the vIPer Phone will advance through the display messages and voice prompts shown in Table 4.2-2. Secure call setup lasts approximately 2-30 seconds. During this period, the audio link to the far side is muted. If secure call setup fails, see Secure Call Setup Failures (page 48) to resolve the problem and try again.

Table 4.2-2: Secure Call Setup Prompts

Display message: Establishing Connection
Voice prompt: "Connection in progress." (This prompt repeats until the modem is trained.)
Description: The audio link to the far side is muted while the modem trains.

Display message: Going Secure
    UnivCert Group Key: PROTECTED <Display ID> (notes 2, 1, 3)
    UnivCert: PROTECTED <authentication text> (notes 1, 3)
    APK Group Key: SECURE APK <Display ID> (note 2)
    APK: SECURE APK
Voice prompt: “Secure call setup in progress. Please stand by.” (This prompt repeats until the secure call is established.)
Description: The audio link to the far side is muted while secure call setup completes.

Display message:
    UnivCert Group Key: PROTECTED <Display ID> (notes 2, 1)
    UnivCert: PROTECTED <authentication text> (note 1)
    APK Group Key: SECURE APK <Display ID> (note 2)
    APK: SECURE APK
Voice prompt: “Line is secure (beep).”
Description: Secure call setup completes. Secure Voice or Secure Data is displayed in the left-most character position to indicate a Secure Voice or Secure Data session has been established. If Secure Voice is established, the audio link to the far side is unmuted and encrypted conversation can begin. If Secure Data is established, encrypted data transfer can begin.

Note 1: <authentication text> is the Issuer and Subject information of the UnivCert Group Key.
Note 2: <Display ID> is the Group Key Display ID information. It contains information about the Group Key.
Note 3: During Secure Call Setup, all of the key information may not be displayed.
4.2.5.1 Secure Downgrade

When placing a Secure Call you may receive a Secure Downgrade request and hear the voice prompt “Security Downgrade.” The Security Downgrade prompt occurs when a lesser preferred key is negotiated during secure call setup. The selection of the lesser preferred key occurs because the remote device does not contain a common more preferred key. When asked, press Yes to accept the lesser key and No to abort the Secure Call. If you press No, your phone will direct you to press the CLEAR key to go Clear.

A Secure Downgrade may occur for any of the following scenarios:

• Your phone has an APK encryption key and the UnivCert encryption key enabled, but the remote phone only has an APK encryption key.
• Both phones have the UnivCert encryption key enabled, but your phone contains a Group Key with the Mandatory Exclusion Flag set FALSE and the remote phone does not have the same Group Key.
• Both phones have an APK encryption key, but your phone contains a Group Key with the Mandatory Exclusion Flag set FALSE and the remote phone does not have the same Group Key.

4.2.5.2 Secure Call Setup Failures

When you start a secure call, your phone and the remote phone must agree on the parameters (including key material) for the call. If the phones cannot agree, the secure call fails and the phones revert to clear audio (if a clear call is possible). You are prompted to press CLEAR to be sure you are aware that you do not really have a secure session. If reverting to a clear call is not possible (i.e. a clear call was not established prior to going secure), the call will be terminated.

There are several reasons why a call can fail to go secure:

• The device on the other end of the call is not compatible. Make sure the device you are calling is SCIP/FNBDT compatible.
• You have an incompatible Group Key. See Group Key (page 31) for more information.
• Your phone, or the phone at the other end, has not been filled with key material. See Encryption Key (page 30) for more information.
• You are dialing off-network and your network does not provide a V.150 gateway function. Consult with your Network Administrator.
• Your phone, or the phone at the other end, has been configured such that there is not a common mode (i.e. voice or data) between the two phones.
• Your network’s quality of service is insufficient to support a secure call. See your Network Administrator.

NOTE: If the remote party presses SECURE on their phone and you have not yet entered your User ID and PIN, you will immediately receive the “Press CLEAR to go clear” prompt. This is because your phone is not ready to process secure call setup information. Press CLEAR and the other party will also be prompted to press CLEAR. Enter your User ID and PIN and try again.

When a secure call setup fails, the vIPer Phone will display one of the error messages from Table 4.2-3 and play “(beep, beep, beep) Secure call failed. Press clear to go clear.”

Table 4.2-3: Secure Call Error Messages

Error Message – Description

• Modem Error – Somewhere in the link between your phone and the remote phone there is an analog segment with a modem that was unable to negotiate an acceptable digital channel with the modem on the other end of the segment. Retry. You also might see this error if you are trying to go secure with a phone that is off-net and your network does not provide a V.150.1 gateway. Contact your Network Administrator.
• No Initiator, No Response, No Crypto Verify, Unexpected MID, Remote Crypto Verification Failed, Crypto Verification Failed, Call Setup Timeout, Reset Timeout, Transport Error – The secure call setup signaling has failed. Retry.
• No Matching Parameters – Both phones must have common operational mode parameters (e.g., vocoder type). Contact your local Security Administrator.
• No Common Operational Mode – Both phones must be configured to support a common operational mode (i.e., Secure Voice or Secure Data). For example, this error occurs when your phone calls the remote phone and the remote phone responds in a data mode and your phone is only capable of voice.
• No Common Key – The local and remote phones do not have compatible keys. Your phone will not be able to go secure unless both your phone and the remote phone have enabled the UnivCert encryption key or generated an APK encryption key. If Group Keys are present, they must have a matching Group Key. See Key Management Menu (page 66) for more information.
• No Keys – Your phone needs to have the UnivCert encryption key enabled or an APK encryption key generated. Group Keys cannot be used to make a secure call without the APK encryption key. For additional information, see Enable UnivCert (page 68) or Generate APK (page 68).
• Security Locked – Your phone needs to be unlocked. Enter your Master or User ID and PIN and retry. See PIN Menu (page 62) for more information.
• Security Level – This error will occur if you attempt to make a secure call with a remote phone whose minimum Security Level settings do not allow going secure with your APK encryption key. The remote phone must generate an APK key and make sure its minimum Security Levels are set correctly.
• Setup Timeout – The secure call setup took too long or the Secure Downgrade prompt was not responded to within one minute, causing the phone to fail the secure call setup. Retry. You may need to extend the SCIP Timeout setting if the problem persists. See SCIP Timeout (page 81).
• Communication Error – Modem training failed or the secure connection abruptly terminated. Retry.
• Certificate Fail – The secure call setup signaling has failed, retry. If this problem persists, the remote phone does not have a compatible encryption key. Your phone or the remote phone needs to regenerate an APK encryption key. See View Keys (page 66).
• Group Key Mismatch – Both your phone and the remote phone have a Group Key and the Key Values are not the same. Because the Key Values do not match, the secure call fails. Carefully reload the Group Key into both devices, making sure that the Key Values match.
• Remote Communication Timeout – The secure connection cannot be maintained. It may be possible to return to a clear connection by pressing CLEAR.

4.2.6 During a Secure Call

This section details operations that you may perform during a Secure Call. These operations include Mode Change and Secure Dial.

4.2.6.1 Performing a Mode Change

After you have established a secure session, if your TalkSECURE vIPer Phone and the remote device are capable of both Secure Voice and Secure Data, you may be able to change the secure operational mode of the call between Secure Voice and Secure Data by pressing the MODE key on the TalkSECURE vIPer Phone. If your TalkSECURE vIPer Phone did not support both modes at the time the call was established, you will not be allowed to perform a Mode Change. The necessary conditions for the vIPer to support a secure voice call are detailed in Establishing a Secure Voice Call (page 39). The necessary conditions for the vIPer to support a secure data call are detailed in Establishing a Secure Data Call (page 41).

NOTE: If you initiate a Mode Change and the remote device has older software that does not support Mode Change, either your TalkSECURE vIPer Phone will display Mode Change Not Allowed or the remote device will display Secure Failed and end the call.

NOTE: The TalkSECURE vIPer Phone supports Mode Change as many times as you wish during a secure call. However, devices built by other manufacturers may not support any change or only support a one-way Mode Change.

NOTE: It is suggested that Secure Data transfers be stopped prior to initiating a Mode Change. If your TalkSECURE vIPer Phone is transmitting data when a Mode Change occurs, the data received from your Host Computer may be interpreted as AT commands and cause: 1) the line to terminate, 2) the TalkSECURE vIPer Phone’s settings to change.

4.2.6.1.1 Initiating a Mode Change

To initiate a Mode Change during a Secure Voice or Data session, press the MODE key. If Mode Change is supported on the current call (i.e., both the Secure Voice and Secure Data modes are available), the mode you will be changing to will be displayed (i.e. Mode Change to Data if you are currently in a Secure Voice call and Mode Change to Voice if you are currently in a Secure Data call). If Mode Change is not available on the current call (i.e. Secure Voice and Secure Data are not both available), the message Mode Change Not Available will be displayed.

If the remote device did not indicate support of both modes when the secure call was initially established, the message Remote Cannot Change Mode will be displayed and you will be asked if you want to override. When prompted, press Yes to accept and No to abort the Mode Change.

If you select Yes, an attempt to change modes will occur. If the user of the remote device has changed its configuration during the call so that the remote device now supports both modes, the Mode Change will succeed. If the remote device still does not support the Mode Change, you will hear the voice prompt “Line is Secure (beep)” and the call will remain in the original security mode. The message Mode Change Failed will be displayed briefly and then the Phone will return to the Secure Call display. If the Mode Change processing completes successfully, you will hear the voice prompt “Line is Secure (beep)” and the current call security level and mode will be displayed.

If you select No, the Mode Change operation will be aborted and your call will revert to the original mode.
4.2.6.1.2 Receiving a Mode Change

If the remote device initiated a Mode Change request that your vIPer Phone supports, the display will indicate the mode you will be changing to (i.e., Secure Data if you are currently in a Secure Voice call and Secure Voice if you are currently in a Secure Data call). After the Mode Change processing has successfully completed, you will hear the voice prompt “Line is Secure (beep)” and the current call security level and mode will be displayed.

NOTE: This is to acknowledge the changing of the secure operational mode. You do not have the capability to reject the change. If you wish to return to the original secure operating mode, initiate a mode change to that mode.

4.2.6.2 Secure Dial

Secure Dial is a means of sending dial digits over a secure connection. The Secure Dial feature encodes a touch tone signal as a digital message that is then encrypted and sent to the far end. The far end phone then decrypts the message and translates it into the desired tone, distortion free.

You do not need to do anything special to use Secure Dial. Once in a secure session, any digits you press on the Keypad or enter through the Red Data Port via the ATD command are transmitted as Secure Dial digits. For more information on the ATD command, refer to AT Command Support (page 92). On the receiving device, the tones are reproduced by the handset, headset, or speaker. If the receiving device is a TalkSECURE product, the display on the receive end will also show the dialed digits.

You will also be able to give precedence to your Secure Dial number by pressing the Fo, F, I, or P soft keys or using the A, B, C or D characters in an ATD command. See Changing the Precedence of Your Call (page 25) for more information on precedence dialing.

NOTE: The A, B, C and D characters in an ATD command are equivalent to the Fo, F, I, and P (Flash-Override, Flash, Immediate and Priority) precedence levels, respectively.
4.2.7 Ending a Secure Call

4.2.7.1 Ending a Secure Voice Call

There are three ways to end a Secure Voice call:

• Press the CLEAR key, or
• Hang up, or
• Enter the ATH command on the Red Data Port if the DTR line on the Red Data Port is asserted (or Data Port Mode is set to Ignore). For more information on the Data Port Mode, see Data Port Mode (page 81). For more information on AT commands, refer to AT Command Support (page 92).

If you press CLEAR, the blue light under the SECURE key will blink while you hear a series of call progress messages. When you hear “Line is clear” and the blue light is off you can resume your clear conversation. Voice traffic is muted while the call is going clear. If the other party should press CLEAR, you will also be prompted by your phone to press CLEAR. This is done to ensure that both parties are aware that the call has returned to a clear session. If the Secure Voice call was established using the Automatic Secure (ASEC) Voice feature, then clear voice is not possible and the call will be terminated.

NOTE: You may still hear the prompt “Press clear to go clear” when clear voice is not possible (e.g. a clear call was not established before going secure). If you hear this message and a clear voice session is not established, hang up to terminate the call.

If you hang up (either by placing the handset in the cradle or entering the ATH command on the RDP) to end a call, you will not hear voice prompts, but the blue light under the SECURE key will turn off.

4.2.7.2 Ending a Secure Data Call

There are two ways to end a Secure Data call:

• Press the CLEAR key, or
• Enter the ATH command on the Red Data Port (when the Red Data Port is in Command Mode).

NOTE: Placing the handset in the cradle or picking it up has no effect during a Secure Data call.

When you press CLEAR, the blue light under the SECURE key will blink. If there is an active audio device (e.g. the handset is off-hook), you will hear a series of call progress messages. Voice traffic is muted while the call is going clear. If a clear voice call was established before transitioning to Secure Data mode, then you can resume your clear conversation when you hear “Line is clear” and the blue light is off. If there is not an active audio device or a clear voice call was not established prior to the Secure Data call, the call will be terminated when the Secure Data session is ended.

If the other party presses CLEAR and clear voice is possible, you will be prompted by your phone to press CLEAR. This is done to ensure that both parties are aware that the call has returned to a clear session.

4.3 Voice Mail

The vIPer Phone will display either Message Waiting or Message Waiting – Press Voice Mail Key if you have messages waiting in your voice mail inbox. You will only see Press Voice Mail Key if you have a line available to handle the call to your voice mail server. You can access your voice mail server by pressing the VOICE MAIL key.

The vIPer Phone is dependent on the capabilities of a voice mail server to provide voice mail support. Your server will provide voice prompts to guide you through listening to messages and personalizing your inbox. Contact your Network Administrator for further information.

Typical voice mail systems do not handle secure voice mail. Should you dial into another vIPer Phone and are directed to a voice mail system, you should not leave any information that you would not want other people to hear, as the voice mail is not stored on the phone, but rather in an unsecured external voice mail recording system. Messages left on a voice mail system may be vulnerable.

WARNING: DO NOT LEAVE SENSITIVE MESSAGES ON A VOICE MAIL SYSTEM. Your vIPer Phone does not secure messages stored on a voice mail system.
5 Menus

This section discusses the vIPer Phone’s menus:

• Directory Menu (page 55) accessed by the DIRECTORY key
• Security Menu (page 62) accessed by the Security soft key
• Phone Settings Menu (page 83) accessed by the Phone Settings soft key

At the beginning of each section you will find a menu path, such as:

DIRECTORY >> Personal Contacts >> Find

The Keystroke Font is used for the word DIRECTORY, to indicate that the DIRECTORY key is pressed to activate the menu. The Display Font is used for Personal Contacts and Find, to indicate that these must be selected from the phone’s dynamic menus. The security menu paths are described in tables which are explained in Security Menu (page 62).

5.1 Directory Menu

The directory is a compilation of services provided both by your phone and your network consisting of:

• Speed Dial – Speed Dial provides the capability to dial frequently used numbers with just two keypresses and to add contacts to the Speed Dial list.
• Personal Contacts – Personal Contacts is a local directory maintained by your phone. It can hold up to 200 entries.
• Inbound Calls / Outbound Calls – The vIPer Phone maintains a record of the last 50 inbound calls and the last 50 outbound calls made and received.

The Directory, shown in Figure 5.1-1, is accessed by pressing the DIRECTORY key.

Figure 5.1-1: Directory Menu
[Screen image: the Directory menu listing 1 Speed Dial, 2 Personal Contacts, 3 Inbound Calls, 4 Outbound Calls.]

5.1.1 Speed Dial

DIRECTORY >> Speed Dial

Your vIPer Phone maintains ten speed dial entries for rapid dialing of frequently used numbers.

5.1.1.1 Adding a Contact to Speed Dial

Before a contact can be added to Speed Dial it first must exist in the Personal Contacts list. Add your contact (see Adding Contacts, page 59) if not already in Personal Contacts. If you have already created the contact, use the Search utility (see Searching Contacts, page 59) to select the desired contact. With the contact highlighted, press the Add to Spd Dial soft key (not the hard key). The phone will display a list of your current Speed Dial contacts. You may select an empty speed dial number, or replace an existing speed dial contact with the new one. Enter the speed dial slot you wish to use (1 through 10) and press Confirm.

5.1.1.2 Dialing a Speed Dial Number

Speed Dial contacts are accessed for dialing by pressing the SPEED DIAL key or through the Directory menu (DIRECTORY >> Speed Dial). The phone presents a list of your speed dial contacts, and you can press a number (1 through 9, or 0 to access the tenth contact) to dial the number. If the phone is off-hook it will use the handset as the audio device, otherwise it uses the speakerphone (if enabled). The phone will also dial using the headset if you scroll to the desired contact, then press the HEADSET key.

NOTE: If Precedence calling is enabled, a Precedence soft key will be displayed on the screen. To place a precedence call, select the precedence level before selecting the speed dial entry.

5.1.1.3 Deleting a Speed Dial Number

Scroll to the desired entry and press the Delete soft key.

5.1.2 Personal Contacts

DIRECTORY >> Personal Contacts

The Personal Contacts menu is illustrated in Figure 5.1-2. The menu functions are provided by soft keys.

Figure 5.1-2: Personal Contacts
[Screen image: the Personal Contacts list showing ten entries, with the soft keys View/Edit, Delete, Add New Entry, Search and Add to Spd Dial.]

The contacts are displayed ten entries per page. You can scroll through the entries to select the desired contact or use a number key to rapidly select a contact on the displayed page (press 10 to select the tenth entry). To dial a contact, select a contact and take the phone off-hook by either

1. lifting the handset,
2. pressing SPEAKER or ENTER, or
3. pressing HEADSET, or
4. pressing SECURE (this method uses the speakerphone, if enabled).

NOTE: If Precedence calling is enabled, a Precedence soft key will be displayed. To place a precedence call, select the desired precedence level before taking the phone off-hook.

The remaining subsections discuss the functions provided by the soft key menus.

5.1.2.1 View/Edit

The View/Edit dialog allows you to view and change a contact. Scroll to the contact and press View/Edit. You will be presented with the View/Edit dialog, which provides the ability to alter the name and number of the selected contact. The dialog is shown in Figure 5.1-3.

Figure 5.1-3: View/Edit Dialog

Scroll to the Name or Number field using the vertical scroll keys. Enter your changes using the dialpad. You can scroll right or left and delete characters using the soft keys. To enter alphabetic characters, rapidly depress or hold down the associated number key until the desired character is displayed. The character is accepted when a different key is pressed or you pause 0.5 seconds. Limited punctuation characters are mapped to the 1, 0, and * keys (refer to Table 3.3-1 on page 19).

NOTE: You may insert a pause in the dial string by adding a comma “,”. The comma is one of the punctuation characters mapped to the 0 (zero) key.

Press Save to accept your changes, or EXIT to back out without making any changes.

NOTE: If Precedence calling is enabled, a Precedence soft key will also be displayed.

5.1.2.2 Deleting Contacts

Scroll to the contact to be deleted and press Delete. Press Yes in the confirmation dialog.
Menus 58 5.1.2.3 Adding Contacts You can add a contact to your Personal Contacts list by selecting Add New Entry from the Personal Contacts menu (Figure 5.1-2, on page 57). The Add New Entry dialog is similar to the View/Edit dialog, Figure 5.1-3, above. NOTE: You may insert a pause in the dial string by adding a comma “,”. The comma is one of the punctuation characters mapped to the 0 (zero) key. TIP: The scroll keys can navigate between the name and number fields. Pressing ENTER saves the contact only if both fields are non-empty. Otherwise, pressing ENTER will not save the contact. TIP: You can also add contacts from your Inbound and Outbound Call Histories and avoid manual entry of some information. See Adding an Entry to Personal Contacts (page 61) to find out how. 5.1.2.4 Searching Contacts Press the Search soft key to find a particular entry in the Personal Contacts list. Use the dialpad to enter the first few characters of the name to search for, and press ENTER or the Find soft key. The phone will display the best match to your search, followed by the next nine entries. NOTE: The Search soft key will only be displayed if there are 11 or more entries in your Personal Contacts list. 5.1.2.5 Adding an Entry to Your Speed Dial List Scroll or use the Search utility (see Searching Contacts on page 59) to select the entry to be added to Speed Dial. With the contact highlighted, press Add to Spd Dial. The phone will display a list of your current Speed Dial contacts. You may select an empty speed dial number, or replace an existing speed dial contact with the new one. Enter the speed dial slot you wish to use (1 through 10) and press Confirm or ENTER. Alternately you may scroll to the desired slot, press ENTER, and ENTER again in the confirmation dialog. Menus 59 5.1.3 Inbound Calls and Outbound Calls (Call Histories) DIRECTORY >> Inbound Calls or DIRECTORY >> Outbound Calls Your vIPer Phone maintains a history of the last 50 inbound and outbound calls. 
You can use the histories to dial callers or populate your Personal Contacts list.

5.1.3.1 Inbound and Outbound Histories

The inbound and outbound call histories have a similar format. The Inbound Call history is shown in Figure 5.1-4. Select either Inbound Calls or Outbound Calls from the Directory menu.

Figure 5.1-4: Call History

NOTE: If Precedence calling is enabled, a Precedence soft key will also be displayed.

5.1.3.2 Dialing from the History

To dial from the call history, do one of the following:

1. Scroll to or enter the number of the desired call and lift the handset (this method uses the handset as the audio device), or
2. Scroll to or enter the number of the desired call and press ENTER or SPEAKER (this method uses the speakerphone, if enabled), or
3. Scroll to or enter the number of the desired call and press HEADSET to use the headset, or
4. Scroll to or enter the number of the desired call and press SECURE (this method uses the speakerphone, if enabled).

Many networks require you to dial 9 or 8 before dialing an outside number to seize an outside line. You can do that from the call histories using the View/Edit Dial key. Press View/Edit Dial, scroll to the number field, enter the desired prefix digits (you can also select a call precedence – see Changing the Precedence of Your Call on page 25) and initiate dialing as described above.

5.1.3.3 Deleting an Entry from a Call History

Delete an entry by scrolling to it and pressing Delete. Press Yes in the confirmation dialog.

5.1.3.4 Adding an Entry to Personal Contacts

You can add an inbound or outbound call to your Personal Contacts list by scrolling to the call and pressing Add to Contacts. The Add Contact dialog allows you to edit the entry before committing it to the Personal Contacts. Press ENTER to commit the entry, or EXIT to abort.

5.2 Security Menu

This section describes the contents of the Security Menu.
Depending on the Access Control Model chosen when you loaded the first keyset and your user privileges, some of the menu items described in this section may not appear. See Access Control (page 26) for more information.

Some menus may require you to enter your PIN, or the Master PIN, before you can access them. This behavior is part of the access control features of the phone and is quite normal. You will not be asked for a PIN if you are not using access controls (Uncontrolled model) or if you entered your PIN previously and the Auto Lock timer has not expired.

Each menu described herein is accompanied by a table that indicates the access control requirements for the menu. For example, Table 5.2-1 illustrates the access privileges for the Lock Security menu item. The top line indicates the path to the menu, while the next three lines indicate the user types that are allowed to access the menu. Thus, access privileges do not apply under the Uncontrolled model (the menu is not present) while under the Controlled and Restricted models any User (any PIN-holder) can access the menu.

Table 5.2-1: Example Access Control Table

Security >> PIN Menu >> Lock Security Services
Access Control Model:
  Uncontrolled    Controlled    Restricted
  N/A             Any Users     Any Users

The access control table entries are as follows:

• N/A – does not apply for this access control model and the menu is not present.
• PIN User – the individual holding a PIN. No other user can access this menu. For example, only the PIN User can change his PIN. A User cannot change other User’s PINs.
• All – anyone.
• Any User – anyone holding a valid PIN, including the Master User.
• Master User – only the Master User (User #1).

Some menus are not visible under all conditions. For example, the Zeroize NT1 menu is only visible when NT1 key (APK key) is present. Other menus are not accessible in the Restricted Access Control Model unless you are the Master User. See Access Control (page 26) for more information.
5.2.1 PIN Menu

The PIN Menu allows the user to lock the phone’s security features and change his security PIN. The PIN Menu will not be visible if you have not created User IDs and PINs.

5.2.1.1 Lock Security Services

The Lock Security Services feature allows the user to make the security features of the phone inaccessible until a PIN has been entered. When the security features are locked, a user can place and receive clear calls, access the directory functions, check voice mail, and do other non-security related tasks.

To lock the phone’s security features, select Lock Security Services. The phone will briefly display Security Services Locked. You can unlock the phone by selecting any menu that requires PIN access, or placing a secure call. The phone will prompt you to enter a PIN. Access privileges for Lock Security are shown in Table 5.2-2.

Table 5.2-2: Lock Security Access Privileges

Security >> PIN Menu >> Lock Security Services
Access Control Model:
  Uncontrolled    Controlled    Restricted
  N/A             Any Users     Any Users

5.2.1.2 Change Security PIN

The Change Security PIN function allows the current PIN User to change his PIN. The PIN must be 6 digits long. PIN values are not checked for validity other than they must include six digits. Access privileges for Change Security PIN are shown in Table 5.2-3.

Table 5.2-3: Change PIN Access Privileges

Security >> PIN Menu >> Change Security PIN
Access Control Model:
  Uncontrolled    Controlled    Restricted
  N/A             PIN User      PIN User

NOTE: Select a PIN that is easy for you to remember. The vIPer Phone will let you enter any sequence of digits you want for a PIN – the only requirement is that it be six digits long. However, certain PINs are not particularly good if you want to prevent unauthorized people from using your phone. For example:
-- Avoid repeating digits or sequential digits.
-- Do not use part of your phone number, driver’s license number, or other commonly known number.
-- Do not use recognizable patterns, such as 121212.
Check with your Security Administrator for further guidance on PIN selection.

NOTE: It is not possible for the Master User to change the PINs of other users. If a user forgets his PIN, delete his User ID (via the Zeroize Delete User Menu), and create a new User ID and PIN for him (via the Security Features Add User Menu).

5.2.2 Zeroize Menu

The Zeroize Menu allows a user to delete any of the key material loaded into the phone and delete users.

5.2.2.1 Zeroize Keyset

Zeroize Keyset is a submenu header for the zeroize functions. Refer to Table 5.2-4 for the access privileges associated with the zeroize keyset functions.

Table 5.2-4: Zeroize Keyset Access Privileges

Security >> Zeroize >> Zeroize Keyset
Access Control Model:
  Uncontrolled    Controlled    Restricted
  Any User        Any User      Any User

5.2.2.1.1 Zeroize All Keys

Zeroize All Keys deletes all of the key material in the phone. User accounts remain intact. Once you select Zeroize All Keys you will be prompted to confirm the operation. Press Yes to confirm and zeroize all keys, or No to abort and not zeroize any keys.

When all of the key material has been zeroized the phone cannot be used to place secure calls. Key material must first be reloaded or regenerated.

5.2.2.1.2 Zeroize NT1

Zeroize NT1 is a submenu that contains the APK, UnivCert, and Group key zeroization functions. This menu item is only displayed when UnivCert, APK or Group Keys exist.

5.2.2.1.2.1 Disable UnivCert

Select Disable UnivCert to disable use of the Universal Certificate encryption key. You will be presented with a confirmation dialog. Press Yes to confirm and disable use of the UnivCert, or No to abort and not disable use of the UnivCert encryption key. This menu item will only appear if you have previously enabled the UnivCert encryption key.

5.2.2.1.2.2 Zeroize APK

Select Zeroize APK to zeroize the APK encryption key. You will be presented with a confirmation dialog.
Press Yes to confirm and zeroize the APK key pair, or No to abort and not zeroize the key pair. This menu item will only appear if you have generated an APK key.

5.2.2.1.2.3 Zeroize Group Key

Zeroize Group Key is a submenu for the Group Key zeroization functions. This menu item will only appear if you have loaded Group Key.

5.2.2.1.2.3.1 Zeroize All Group Key

Select Zeroize All Group Key to zeroize all of the Group Keys loaded in the phone. You will still be able to establish secure calls with other phones without a Group Key as long as you have the UnivCert encryption key enabled or have an APK encryption key, but you will not have the added security provided by a Group Key, nor will you have the advantage of exclusion provided by a Group Key.

You will be presented with a confirmation dialog. Press Yes to confirm and zeroize all Group Keys, or No to abort and not zeroize the Group Keys.

5.2.2.1.2.3.2 Zeroize Group Key Slot

Group Keys are stored in “key slots.” One slot is allocated to each key, and the slot used by a key is determined when the key is loaded. The vIPer Phone provides ten group key slots. The Zeroize Group Key Slot menu items allow you to select a particular slot to zeroize. Select the slot and press ENTER. You will be presented with a confirmation dialog. Press Yes to confirm and zeroize the Group Key slot, or No to abort and not zeroize the key slot.

When you zeroize a Group Key slot, you lose the ability to establish a secure connection with other holders of that Group Key unless they have at least one Group Key with the Mandatory Exclusion Flag set to False. In this case, they will be asked if they wish to perform a Secure Downgrade to allow a secure connection to be established. See Key Management Menu (page 66) for more information.

5.2.2.2 Delete User ID

The Delete User ID menu feature allows you to delete any of the users of the phone.
If you delete the Master User (User ID #1) while using the Restricted access control model, all functions controlled by the Master User remain inaccessible to all users. To recover these functions you must delete all users, regenerate APK, and reestablish new UserID/PINs. Access privileges associated with Delete User ID are shown in Table 5.2-5.

Table 5.2-5: Delete User ID Access Privileges

Security >> Zeroize >> Delete User
Access Control Model:
  Uncontrolled    Controlled    Restricted
  N/A             Any User      Any User

NOTE: When you delete the last User ID and PIN you will also consequently delete all key material loaded in the phone. You will receive a prompt from the phone when you initiate deleting the last User ID and may choose not to continue at that point. You will have to regenerate APK and reload Group Key if used, before you can make a secure call.

5.2.3 Key Management Menu

The Key Management menu allows you to manipulate the key material stored in your phone. If you are using a Sectéra vIPer Phone, please refer to the Sectéra vIPer Phone User’s Guide for additional information about the keys and cryptology of the Sectéra vIPer Phone.

5.2.3.1 View Keys

The View Keys menus allow you to review the status of the various keys stored in the phone.

5.2.3.1.1 View NT1 Key

5.2.3.1.1.1 View UnivCert

The View UnivCert menu displays the authentication information in the Universal Certificate. The access privileges for View UnivCert are shown in Table 5.2-6.

Table 5.2-6: View UnivCert Access Privileges

Security >> Key Management >> View Keys >> View NT1 Key >> View UnivCert
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Any User

The phone will display the authentication information from the Universal Certificate if UnivCert has been enabled. Otherwise, the phone will display UnivCert Not Enabled.

5.2.3.1.1.2 View APK Status

The View APK Status menu simply displays whether or not an APK has been generated.
The access privileges for View APK Status are shown in Table 5.2-7.

Table 5.2-7: View APK Status Access Privileges

Security >> Key Management >> View Keys >> View NT1 Key >> View APK Status
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Any User

The phone will display APK Keyed if APK has been generated. Otherwise you will see APK Not Keyed.

5.2.3.1.1.3 View Group Key

The View Group Key menu displays whether or not each of ten Group Key storage slots are loaded. The access privileges for View Group Key are shown in Table 5.2-8.

Table 5.2-8: View Group Key Access Privileges

Security >> Key Management >> View Keys >> View NT1 Key >> View Group Key
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Any User

The View Group Key display is shown in Figure 5.2-1. You can scroll to any of the slots and press ENTER to get additional information on the key in that slot. Alternately, you can press a digit (1 – 10) to go immediately to the detail display.

Figure 5.2-1: View Group Key Display

5.2.3.2 Load NT1 Keys

The Load NT1 Keys menu is illustrated in Figure 5.2-2. Your vIPer Phone is incapable of establishing a secure call until the UnivCert encryption key has been enabled or APK encryption key has been generated. Select either Enable UnivCert or Generate APK to enable secure call operation.

Figure 5.2-2: Load NT1 Keys Menu (1 Enable UnivCert, 2 Generate APK, 3 Load Group Key)

Access privileges associated with the Load NT1 Keys menu are shown in Table 5.2-9.
Table 5.2-9: Load NT1 Keys Access Privileges

Security >> Key Management >> Load NT1 Keys
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Any User

5.2.3.2.1 Enable UnivCert

The Universal Certificate encryption key must be enabled before it can be used for securing calls. To enable it, select Enable UnivCert from the Load NT1 Keys menu. You will be guided through the enablement process.

1. Press Yes or ENTER at the Enable UnivCert? prompt.
2. Press ENTER to confirm.
3. You will see the Processing message.
4. You will see Key Enable Finished. Press ENTER or EXIT to conclude UnivCert key enablement.

See Access Control (page 26) for more information about access control models.

5.2.3.2.2 Generate APK

Automatic Public Key is generated by the vIPer Phone. To start generation, select Generate APK from the Load NT1 Keys menu. You will be guided through the key generation process.

1. Press Yes or ENTER at the Begin Generation? prompt.
2. You will be prompted to press ENTER twenty times. Press ENTER until the prompt goes away.
3. You will see the Generating Key Material message.
4. If this is your first time loading key, or the first time since zeroizing the key, you will be asked to create a user.
5. At the Add First User? prompt, press Yes to create a User ID and PIN, or No if you wish to use the phone without access controls (the Uncontrolled Access Control Model). The process ends if you selected No, otherwise continue:
   a. If you pressed Yes, you will be prompted to enter a Personal Identification Number (PIN) for User ID 1. A PIN is six digits long and may be any combination of digits you like.
   b. You are then prompted to re-enter the PIN to verify you entered it correctly.
   c. At the Make User Master? prompt, press Yes if you want the user to be a Master User (which has the effect of choosing the Restricted Access Control Model). Otherwise press No, effectively choosing the Controlled Access Control Model.
6. You will see Add User Successful followed by Key Load Finished. Press ENTER or EXIT to conclude APK generation.

See Access Control (page 26) for more information about access control models.

5.2.3.2.3 Load Group Key

A Group Key is usually generated and loaded using the Group Key Manager Tool. The Group Key Manager Tool and the Group Key Manager Tool User’s Manual are included on the distribution CD or can be obtained by contacting Customer Support (page 115).

5.2.3.2.3.1 Loading Group Key from the Data Port

To load Group Key using the Group Key Manager Tool, select Load Group Key from the Load NT1 Keys menu, then select Load Group Key Data Port and follow the instructions in the Group Key Manager Tool User’s Manual.

5.2.3.2.3.2 Loading Group Key Manually

A Group Key can also be loaded manually via the dialpad; however, it is susceptible to errors and is not recommended unless absolutely necessary. The dialpad operates in alphanumeric mode when manually entering Group Key information. Rapidly depressing or holding down a key will cycle through the alphanumeric characters assigned to the key. The phone does some checking to ensure that invalid characters are not entered, but there is no integrity mechanism to ensure that the exact same key is entered into all phones. For this reason, manually loading group key should only be considered as a last resort.

To manually load Group Key, select Load Group Key Keypad from the Load NT1 Keys Load Group Key menu. Select UnivCert Group/Keypad to load Group Key associated with calls that use the Universal Cert encryption key, or select APK Group/Keypad to load Group Key associated with calls that use the APK encryption key. Then proceed as follows:

1. At the Enter Slot Number 1-10 prompt, enter a number 01 through 10 and then press ENTER.
2. At the Short Title: prompt, enter the Short Title by which the Group Key will be known, up to six characters.
   A short title is the name of the key that is exchanged during secure call setup. For dialpad entry, the digits 0 through 9 are the only valid characters. Then press ENTER.
3. At the Display ID: prompt, enter the key name that will be displayed during a secure call, up to sixteen characters. For dialpad entry, the digits 0 through 9 are the only valid characters. Then press ENTER.
4. At the Edition: prompt, enter the two character edition of the key (1 through 99) and then press ENTER.
5. At the Set Mandatory Exclusion? prompt, press True or False. If you choose False (for any Group Key), the phone will be allowed to go secure with other phones not possessing a group key common with one of the group keys in your phone.
6. At the Key Value Entry prompt, enter exactly 32 characters, consisting of 0 through 9 and A through F. Use key 2 to enter characters A thru C and key 3 to enter characters D thru F (e.g., 45D202611023CFC991408562DBD827B3).
7. At the View Group Key? prompt, you may choose Yes to review the data you entered, or No if you are thoroughly confident you entered the data correctly.
8. At the Key Correct? prompt, press Yes to store the key, or No to abort entering the key.
9. If you pressed Yes, you will see the Storing Key followed by the Key Load Finished message.

TIP: A Mandatory Exclusion value of False, in any Group Key loaded into your phone, will allow your phone to go secure with any phone whether or not it has a matching Group Key. Mandatory Exclusion values of False should be used with discretion. If you must carry on secure conversations with people who do not use Group Key, you should always set Mandatory Exclusion to False for at least one Group Key.

TIP: If you have a temporary need to go secure with a phone that does not have Group Key, but do not want to allow it normally, enter a bogus Group Key with the Mandatory Exclusion flag set to FALSE, then delete the key when the need for it no longer exists.
The key is not actually used, so the values you enter are not important, except for the Exclusion flag.

TIP: When manually entering a key value, it can be tempting to enter something that is easy to enter and remember, such as 12345678901234567890123456789012. While this practice does make entry easy, it does not result in a good key. Good keys should consist of random data, and random data is neither easy to remember nor enter. General Dynamics recommends, if at all possible, using the Group Key Manager Tool provided on your distribution CD to generate and load your key data. If you are unable to use Group Key Manager to generate your key, there are several good sources of random data on the Internet.

WARNING: Failure to manually enter the same key data used in other phones in the same group will render your phone incapable of going secure with those phones unless Mandatory Exclusion is set to False for any Group Key. It is of paramount importance that all key data be entered exactly the same in each phone in a group (except for the Mandatory Flag and the Slot Number). For this reason, Group Key should be manually entered only as a last resort.

NOTE: It is good security practice to distribute key data over a different channel than you use for normal data transfers. For example, do not call a person and recite Group Key data over the phone for which the Group Key is intended, even if the connection is secured. It would be better to mail the data.

5.2.4 Security Features Menu

The Security Features menu addresses the configurable security parameters and some security features of the vIPer Phone.

5.2.4.1 Add User

You can add User IDs and PINs to a vIPer Phone, up to a limit of three. Access privileges associated with Add User are shown in Table 5.2-10.

Table 5.2-10: Add User Access Privileges

Security >> Security Features >> Add User
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Master User

To add a user:

1. Select Add User from the Security Features Menu.
2. The vIPer Phone will assign a User ID.
3. Enter the PIN for the new user.
4. Press ENTER.
5. The display will progress to the next dialog in which you re-enter the PIN.
6. Press ENTER again.
7. If this is the first User ID/PIN created, you will see the Make User Master? prompt. Press Yes if you want a Master User; No otherwise. See Access Control (page 26) for more information on access control models and why you might want to create a Master User.

NOTE: Creating a Master User has the effect of hiding the Security Features Menu from the other, non-Master users.

5.2.4.2 Delete User

You can delete Users from a vIPer Phone to revoke access to the security features of the phone. Access privileges associated with Delete User are shown in Table 5.2-11.

Table 5.2-11: Delete User Access Privileges

Security >> Security Features >> Delete User
Access Control Model:
  Uncontrolled    Controlled    Restricted
  N/A             Any User      Master User

To delete a user:

1. Select Delete User from the Security Features menu.
2. Enter a User ID (1, 2, or 3 are valid choices) at the Delete User ID prompt.
3. Press ENTER.
4. You will receive a confirmation prompt – Do you really want to delete user n? Press Yes to confirm, No to abort.

Once a User ID and PIN are deleted, the holder of that User ID will not be able to access the security features of the phone.

WARNING: If you delete a Master User, the Security Features Menu will be inaccessible until all User IDs are deleted.

WARNING: If you delete the last User, all key material in the phone will also be deleted.

5.2.4.3 Auto Lock

The Auto Lock function locks the phone’s security features after a prescribed period of non-security use.

Table 5.2-12: Auto Lock Access Privileges

Security >> Security Features >> Auto Lock
Access Control Model:
  Uncontrolled    Controlled    Restricted
  N/A             Any User      Master User

This menu is not available until a PIN is created.
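Returning to the manual Group Key entry steps in section 5.2.3.2.3.2: the following added example (not part of this guide or of General Dynamics' tools) checks a worksheet entry against the field limits in steps 1 through 6, draws a key value from the operating system's random source, and screens for patterned values such as the 1234567890... string in the TIP. The function names, the sample titles and the worksheet check value are assumptions for illustration; the phone itself offers no such check.

```python
import hashlib
import re
import secrets
from dataclasses import dataclass
from typing import List

HEX32 = re.compile(r"[0-9A-F]{32}")


@dataclass(frozen=True)
class GroupKeyRecord:
    """One worksheet row for manual entry; limits follow steps 1-6 of the guide."""
    slot: int                  # 1 through 10
    short_title: str           # up to six characters, digits only from the dialpad
    display_id: str            # up to sixteen characters, digits only from the dialpad
    edition: int               # 1 through 99
    mandatory_exclusion: bool
    key_value: str             # exactly 32 characters, 0-9 and A-F


def generate_key_value() -> str:
    """128 bits from the operating system CSPRNG as 32 uppercase hex characters."""
    return secrets.token_hex(16).upper()


def looks_patterned(key_value: str) -> bool:
    """Screen for obviously non-random values; passing it does not prove randomness."""
    if len(set(key_value)) < 6:
        return True   # very few distinct symbols
    if any(key_value[p:] == key_value[:-p] for p in range(1, 17)):
        return True   # repeats with a period of 16 characters or fewer
    steps = sum(
        1 for a, b in zip(key_value, key_value[1:])
        if (int(b, 16) - int(a, 16)) % 16 == 1 or (a, b) == ("9", "0")
    )
    return steps >= 16   # mostly counting upward, like 1234567890...


def validate(rec: GroupKeyRecord) -> List[str]:
    """Return the problems found in one record; an empty list means it can be entered."""
    problems = []
    if not 1 <= rec.slot <= 10:
        problems.append("slot must be 1 through 10")
    # Non-empty titles are an assumption; the guide only gives the maximum lengths.
    if not re.fullmatch(r"[0-9]{1,6}", rec.short_title):
        problems.append("short title must be 1 to 6 digits")
    if not re.fullmatch(r"[0-9]{1,16}", rec.display_id):
        problems.append("display ID must be 1 to 16 digits")
    if not 1 <= rec.edition <= 99:
        problems.append("edition must be 1 through 99")
    if not HEX32.fullmatch(rec.key_value):
        problems.append("key value must be exactly 32 characters of 0-9 and A-F")
    elif looks_patterned(rec.key_value):
        problems.append("key value shows an obvious pattern")
    return problems


def grouped(key_value: str) -> str:
    """Split the key value into blocks of four for reading back during entry."""
    return " ".join(key_value[i:i + 4] for i in range(0, len(key_value), 4))


def worksheet_check(rec: GroupKeyRecord) -> str:
    """Hypothetical check value over the fields that must match on every phone.

    The slot number and the Mandatory Exclusion flag are left out because the
    guide allows them to differ. Handle the value like the key it describes,
    and compute it only for records that passed validate().
    """
    material = f"{rec.short_title}|{rec.display_id}|{rec.edition:02d}|{rec.key_value}"
    return hashlib.sha256(material.encode("ascii")).hexdigest()[:8].upper()


if __name__ == "__main__":
    # Constructed sample record; the titles are made up for illustration.
    rec = GroupKeyRecord(3, "000417", "5551234", 1, True, generate_key_value())
    print(validate(rec) or "record OK")
    print(grouped(rec.key_value), "check", worksheet_check(rec))
```

Each site can compute the check value from the worksheet it is about to type and compare it with the value that travelled with the key, which catches a mistyped character before the phones fail to go secure.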
You can activate or deactivate the Auto Lock feature through the Auto Lock menu, shown in Figure 5.2-3. Once the security features are locked, you must re-enter a valid PIN to enable them again.

Select ON to enable the Auto Lock feature, or OFF to disable the feature. The “>” indicates the active selection. If you select ON, you will be prompted to enter an Auto Lock timeout, shown in Figure 5.2-4. Enter a timeout ranging from 01 to 99 minutes. If you enter 00, the phone will display Value Invalid and use the previously defined value.

The Auto Lock timer is reset and restarted each time you exit a security feature menu or end a secure call. As long as you are in a secure call, or are accessing a security feature menu, the timer has no effect. The Auto Lock feature will not interrupt a secure call. Once you end the secure session, the timer will restart.

Figure 5.2-3: Auto Lock Menu (1 ON, 2 OFF)

Figure 5.2-4: Auto Lock Timeout Dialog

5.2.4.4 Secure Application Control

The Secure Application Control menu allows the user to select the supported modes of operation for Secure Voice and Secure Data. Access privileges for Secure Application Control are shown in Table 5.2-13.

Table 5.2-13: Application Control Access Privileges

Security >> Security Features >> Application Control
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Master User

5.2.4.4.1 Secure Application Control – Secure Voice

The Secure Voice Menu allows the user to select the supported modes of operation for Secure Voice. Secure Voice may be disabled, or enabled with Auto Secure on Answer (ASEC) on or enabled with Auto Secure on Answer off. When Auto Secure on Answer is enabled, your phone will automatically attempt to go secure when you answer an incoming call.
If unable to go secure, your phone will prompt you to press the CLEAR key to enter a clear voice call. The active selection is shown by the “>” symbol.

When Auto Secure on Answer is enabled and the security features of the vIPer Phone are unlocked (i.e. a valid User ID and PIN have been entered), the characters ASEC will be shown on line 2 of the display.

5.2.4.4.2 Secure Application Control – Secure Data

The Secure Data Menu allows the user to select the supported modes of operation for Secure Data. Secure Data may be disabled, or enabled with Auto Answer On (AANS) or enabled with Auto Answer Off. When Auto Answer is enabled, your phone will automatically answer an incoming call after the configured number of rings and attempt to establish a Secure Data call. If a Secure Data call cannot be established, the call will be terminated. The active selection is shown by the “>” symbol.

When Auto Answer Secure Data is enabled and the security features of the vIPer Phone are unlocked (i.e. a valid User ID and PIN have been entered), the characters AANS will be shown on line 2 of the display.

The Auto Answer Ring Menu allows the user to configure the number of rings before the incoming call is answered.

NOTE: If the configured number of rings is too large, the calling device may timeout before the call is answered. If this happens, reduce the configured number of rings.

5.2.4.5 Security Level

The Security Level menu item is used to limit secure operation by specifying a minimum and maximum security level authorized for secure calls.

NOTE: The security levels increase in order from SECURE APK (lowest) to PROTECTED (highest).

You can use the minimum and maximum security levels to limit secure operation.
For example, by setting the minimum and maximum level to PROTECTED, a vIPer Phone that has UnivCert encryption key enabled and APK encryption key generated will only be able to establish a secure call with terminals with UnivCert encryption key enabled, prohibiting all APK secure calls.

The default minimum security level is SECURE APK, and the default maximum security level is PROTECTED.

NOTE: Use this feature carefully as secure operation can be prohibited. Here are some examples:
1) Setting the minimum level to PROTECTED (for UnivCert encryption key) will prohibit APK secure operation.
2) Setting the maximum level to SECURE APK (for APK encryption key) will prohibit UnivCert secure operation.

Access privileges for Security Level are shown in Table 5.2-13.

Table 5.2-14: Security Level Access Privileges

Security >> Security Features >> Security Level
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Master User

To change the security level settings:

1. Select Security Level from the Security Features Menu.
2. The vIPer Phone will prompt for the Min Voice Level.
3. Scroll or use the number keys to select between PROTECTED and SECURE APK.
4. The vIPer Phone will prompt for the Max Voice Level.
5. Scroll or use the number keys to select between PROTECTED and SECURE APK.
6. The vIPer Phone will notify you if you have selected settings that prohibit Secure Voice based on your currently loaded keys; otherwise, the vIPer Phone will proceed to the Secure Data settings.
7. The vIPer Phone will prompt for the Min Data Level.
8. Scroll or use the number keys to select between PROTECTED and SECURE APK.
9. The vIPer Phone will prompt for the Max Data Level.
10. Scroll or use the number keys to select between PROTECTED and SECURE APK.
11. The vIPer Phone will notify you if you have selected settings that prohibit Secure Data based on your currently loaded keys; otherwise, the vIPer Phone will return to the Security Features Menu.
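How the minimum and maximum levels interact with the loaded keys, as an added example (not the phone's firmware logic, and not from General Dynamics). It assumes, from the two examples in the NOTE above, that UnivCert calls run at PROTECTED and APK calls at SECURE APK; Group Key exclusion is not modeled, and the phone names and settings are constructed.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Set, Tuple


class Level(IntEnum):
    SECURE_APK = 1   # lowest
    PROTECTED = 2    # highest


# Assumption drawn from the guide's examples: each NT1 key type secures calls at one level.
KEY_LEVEL = {"APK": Level.SECURE_APK, "UnivCert": Level.PROTECTED}


@dataclass(frozen=True)
class PhoneConfig:
    name: str
    univcert_enabled: bool
    apk_generated: bool
    # Defaults stated in the guide: minimum SECURE APK, maximum PROTECTED.
    min_voice: Level = Level.SECURE_APK
    max_voice: Level = Level.PROTECTED
    min_data: Level = Level.SECURE_APK
    max_data: Level = Level.PROTECTED

    def loaded_keys(self) -> Set[str]:
        keys = set()
        if self.univcert_enabled:
            keys.add("UnivCert")
        if self.apk_generated:
            keys.add("APK")
        return keys

    def window(self, app: str) -> Tuple[Level, Level]:
        """Return (minimum, maximum) for app, which is 'voice' or 'data'."""
        if app == "voice":
            return self.min_voice, self.max_voice
        return self.min_data, self.max_data


def usable_keys(cfg: PhoneConfig, app: str) -> Set[str]:
    """Loaded key types whose level falls inside the configured window."""
    low, high = cfg.window(app)
    return {k for k in cfg.loaded_keys() if low <= KEY_LEVEL[k] <= high}


def audit(cfg: PhoneConfig) -> List[str]:
    """Findings for one phone, mirroring the notifications in steps 6 and 11."""
    if not cfg.loaded_keys():
        return [f"{cfg.name}: no NT1 key loaded, secure calls are not possible"]
    findings = []
    for app, label in (("voice", "Secure Voice"), ("data", "Secure Data")):
        low, high = cfg.window(app)
        if low > high:
            # Treating an inverted window as prohibiting everything is an assumption.
            findings.append(f"{cfg.name}: minimum {app} level is above the maximum")
        elif not usable_keys(cfg, app):
            findings.append(
                f"{cfg.name}: level settings prohibit {label} with the currently loaded keys")
    return findings


def common_keys(a: PhoneConfig, b: PhoneConfig, app: str) -> Set[str]:
    """Key types both phones may use; an empty set means no secure call between them."""
    return usable_keys(a, app) & usable_keys(b, app)


# Constructed fleet for illustration.
HQ = PhoneConfig("hq-desk", univcert_enabled=True, apk_generated=True)
VAULT = PhoneConfig("vault", True, True, Level.PROTECTED, Level.PROTECTED,
                    Level.PROTECTED, Level.PROTECTED)
FIELD = PhoneConfig("field", univcert_enabled=False, apk_generated=True)
MISSET = PhoneConfig("misset", False, True, min_voice=Level.PROTECTED)

if __name__ == "__main__":
    for phone in (HQ, VAULT, FIELD, MISSET):
        print(phone.name, sorted(usable_keys(phone, "voice")), audit(phone))
    print("vault <-> field voice:", sorted(common_keys(VAULT, FIELD, "voice")) or "none")
```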
5.2.4.6 Speakerphone

Certain environments may require disabling the Speakerphone. Navigate to the Speakerphone menu and select Disabled to prevent use of the Speakerphone. The active selection is shown by the “>” symbol. You can also verify the setting of the Speakerphone feature on the top line of the display. Access privileges associated with the speakerphone control are shown in Table 5.2-15.

Table 5.2-15: Speakerphone Control Access Privileges

Security >> Security Features >> Speakerphone
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Master User

5.2.4.7 Black Computer Port

The vIPer Phone incorporates a two port Ethernet switch to ease connection to existing computer networks. When the Black Computer Port is enabled, you can plug a computer into the PC port on your phone, plug the phone into the network, and both phone and computer will share the same network physical connection, though they will have different IP addresses.

Some installations may require the phone to be connected to a separate network dedicated to voice applications. For security reasons these installations may also require the PC port be turned off, so that a computer cannot be inadvertently connected to the voice network through the phone.

Use the Black Computer Port menu to enable or disable the PC port. The default is disabled. The active selection is shown by the “>” symbol. Table 5.2-16 shows access privileges associated with this menu.

Table 5.2-16: Black Computer Port Access Privileges

Security >> Security Features >> Auto Secure
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Master User

5.2.4.8 Web Interface

The vIPer Phone’s network settings can be managed across the LAN port from a standard web browser when Web Interface is enabled. Some installations may require that the Web Interface feature be disabled once the network settings have been made in order to prevent the possibility of remote configuration changes.
Use the Web Interface menu to enable or disable the Web Interface feature. The default is enabled. The active selection is shown by the “>” symbol. Table 5.2-17 shows access privileges associated with this menu.

Table 5.2-17: Web Interface Access Privileges

Security >> Security Features >> Web Interface
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Master User

5.2.4.9 CLR Event Buffer

The vIPer Phone maintains a record of security events and system errors that occur during operation. This buffer is circular in nature in that once it fills up it begins overwriting the oldest records. Occasionally, when debugging problems with the phone, it is necessary to clear this buffer to ensure that you get fresh data. Normally you will only need to do this when Customer Support (page 115) is helping you debug a problem. To clear the buffer, select CLR Event Buffer and press Yes in the confirmation dialog.

Table 5.2-18: CLR Event Buffer Access Privileges

Security >> Security Features >> CLR Event Buffer
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Master User

5.2.5 Service Menu

The Service Menu contains various submenus that provide information related to the operational condition of the vIPer Phone. All submenus carry the same access privileges, illustrated in Table 5.2-19.

Table 5.2-19: Verify Software Access Privileges

Security Menu >> Service Menu
Access Control Model:
  Uncontrolled    Controlled    Restricted
  All             Any User      Any User

5.2.5.1 Verify Software

Verify Software can be used to verify the cryptographic integrity of the software loaded in your phone. Some organizations may require users to run this feature periodically to ensure the software has not been tampered with.

Select Verify Software from the Service Menu and wait for completion. You will see the Verifying Software Please Wait message while the phone checks internal signatures on its software load.
When the check is completed you will either see Software Verify Successful or Software Verify Failed. You should contact your security officer for further instructions if the verification fails.

NOTE: The Verify Software function only checks the security software. It does not verify the integrity of the networking software. The networking software and the clear vocoder are checked each time the phone is powered on and during a 24-hour retest; however this check is not as rigorous as that performed on the security software by the Verify Software function.

5.2.5.2 System Retest

System Retest has the same effect as removing and reapplying power to the phone. Select System Retest from the Service Menu if you are experiencing problems with the phone. The Perform System Retest? message will appear. Press ENTER to confirm. See If You Have Problems (page 106) for additional information.

5.2.5.3 Event Buffer

The Event Buffer allows you to view error and status codes stored by your phone.

• Error Codes are recorded when something goes wrong. Error Codes typically indicate malfunctions of the phone.
• Status Codes are recorded during normal operation of the phone.

The Event Buffer is an important troubleshooting tool but should not normally be needed. If you call Customer Support (page 115) they may request a copy of the event buffer. See If You Have Problems (page 106) for additional information.

5.2.5.3.1 View Error Code

Select View Error Code to retrieve a list of the error codes recorded by your phone. A sample Error Code list is shown in Figure 5.2-5. The first column of numbers is simply a reference number. The second column is the session number, and the third column is the Error Code.

Figure 5.2-5: Error Code List

You can scroll through long lists with the vertical scroll keys.

5.2.5.3.2 View Status Code

Select View Status Code to retrieve a list of the status codes recorded by your phone.
The Status Code list is very similar to the Error Code list shown in Figure 5.2-5. The first column of numbers is simply a reference number. The second column is the session number, and the third column is the Status Code.

5.2.5.4 Version Info

Version Info allows you to view the software version numbers of the various applications residing in the phone. Select this item to view the following information:

• SCP Boot Ver: The Secure Call Processor boot software version number
• SCP Oper Ver: The Secure Call Processor operational software version number
• Secure VP Boot Ver: The Secure Vocoder boot software version number
• Secure VP Oper Ver: The Secure Vocoder operational software version number
• FPGA Ver: The security firmware version number
• Network Proc Boot Ver: The Network Processor boot software version number
• Network Proc Oper Ver: The Network Processor operational software version number
• Network Proc Cure Ver: The Network Processor Code Upgrade Recovery software version number
• HMI Boot Ver: The HMI Controller boot software version number
• HMI Oper Ver: The HMI Controller operational software version number

The above information is useful if you must report a problem to Customer Support (page 115).

5.2.5.5 Terminal Serial Number

Select Terminal Serial Number to view the electronic serial number of your phone. This version number should match the version number on the product label.

5.2.6 Configuration Menu

The Configuration Menu allows you to change some of the parameters affecting the secure operation of the phone. Access privileges for the sub-menus within the Configuration Menu are shown in Table 5.2-20.

Table 5.2-20: Configuration Menu Access Privileges
Security >> Configuration Menu

Access Control Model    Access
Uncontrolled            All
Controlled              Any User
Restricted              Any User

5.2.6.1 View Fill Status

The View Fill Status menu shows you what type of keys the phone has loaded. It does not tell you anything about the keys, however.
For more detailed information, navigate to Security >> Key Management >> View Keys (limited to Master User if you are using the Restricted Access Control Model; see Access Control on page 26).

5.2.6.2 Network Settings

The Network Settings menu displays network settings related to secure sessions only.

5.2.6.2.1 SCIP Timeout

The SCIP timeout is a secure call setup timeout that normally should not need to be changed. If your network experiences long delays and calls fail to go secure, it may be beneficial to experiment with a longer timeout value.

NOTE: Changing SCIP timeouts will have no effect on clear call performance. Contact your Network Administrator if you are experiencing performance problems with clear calls.

5.2.6.3 Red Data Port

The Red Data Port menu allows you to configure the Red Data Port. The Red Data Port is a shared port, providing both a standard DB-9 RS-232 connector and a B style USB connector. The Red Data Port is located on the back of the vIPer Phone and is labeled SECURE DATA/FILL.

NOTE: The Red Data Port will automatically switch between USB and RS-232 based on what is connected. The USB and RS-232 ports cannot be used simultaneously. If you have been using one port, then need to use the other, it may be necessary to remove and reapply power, or execute the Service Menu System Retest function (see System Retest on page 79).

5.2.6.3.1 Data Port Rate

The Data Port Rate menu allows you to set the operating rate (Baud rate) of the RS-232 port. It has no effect on the USB port. The RS-232 port is configured for 1 start bit, 1 stop bit, and no parity. These settings cannot be changed.

Scroll to the desired rate and press ENTER to select it. Supported rates are 2400, 4800, 9600, 14400, and 115200 baud. The active selection is indicated by the “>” symbol.

NOTE: The data port rate should match the rate supported by the device connected to the Red Data Port.
5.2.6.3.2 Data Port Mode

The Data Port Mode Menu selects the operating mode for the RS-232 port. The Data Port Mode is used to support Secure Data, update the security software, send AT commands, and other administrative functions. The Data Port Mode feature allows you to select one of the following operational modes:

Normal:
• Use this setting for most scenarios.
• In this mode, the DATA Port interface signals are always enabled.
• When DTR is asserted, the phone recognizes that a data device is attached to its DATA Port and ready to use.

Ignore DTR:
• Use this setting when you want to:
  o Connect a non-standard Host Computer or device (e.g. DTD) that does not provide the DTR signal.
  o Utilize the USB Port. If the USB port is used then DTR must be configured to Ignore DTR.

Power Save:
• Use this setting for low power mode (i.e., when powered by a battery).
• In this mode, the signals on the RS-232 Red Data Port Interface are disabled unless the DTR signal from your Host Computer is asserted. Once DTR is asserted there is no difference between Normal and Power Save modes on the RS232 Red Data Port.
• In this mode, the USB Red Data Port Interface is disabled.

Scroll to the desired operating mode and press ENTER to select it. In general, the mode setting should be left as Normal. The active selection is indicated by the “>” symbol.

WARNING: Do not select a Data Port Mode setting of Power Save if you will be using the USB Red Data Port Interface. The USB Red Data Port Interface is disabled when the Data Port Mode is set to Power Save.

5.2.6.4 Preferred Security Mode

The Preferred Security Mode allows you to set the Preferred Security Mode (i.e. Voice or Data). If the Preferred Security Mode is set to Secure Voice and both modes are possible during the secure session establishment, Secure Voice mode will be given preference over Secure Data.
If the Preferred Security Mode is set to Secure Data and both modes are possible during the secure session establishment, Secure Data mode will be given preference over Secure Voice.

The Preferred Security Mode is shown on line 2 of the display as shown in Figure 3.2-1. For example, if both Voice and Data modes are enabled and Voice mode is configured as the Preferred Security Mode, then V/D will be shown on the display. If Data mode is configured as the Preferred Security Mode, then D/V will be shown on the display.

Scroll to the desired mode and press ENTER to select it. The active selection is indicated by the “>” symbol.

TIP: Your selection of the Preferred Security Mode will force the vIPer Phone to attempt that type of secure session first (i.e., Secure Voice or Secure Data). If unsuccessful, the vIPer Phone will attempt the next highest priority of secure processing.

NOTE: When AT commands are utilized to establish a secure session, Secure Data mode is offered as the preferred security mode, regardless of the configured Preferred Security Mode (i.e. voice or data) setting.

5.3 Phone Settings Menu

5.3.1 Date and Time

Phone Settings >> Date and Time

5.3.1.1 Date Format

The Date Format menu allows you to change how dates are displayed on the phone.

• MM/DD/YYYY selects the standard US month/day/year numeric format.
• DD/MM/YYYY selects the European standard day/month/year numeric format.
• DD-MMM-YYYY selects the day/alphabetic month/year mixed format.

5.3.1.2 Time Format

The Time Format menu allows you to select 12-hour or 24-hour format.

5.3.2 Network Information

Phone Settings >> Network Information

Select Network Information to display the network settings of the phone. Figure 5.3-1 illustrates a sample Network Information display. Press EXIT when you are through viewing the data.
    T SpkPhone Enabled    T Locked    V/D
    Phone Muted    NT1 Keys
    Network Info
    IP Enabled
    DHCP
    IP Address: 123.34.17.9
    IP Netmask: 255.255.255.0
    Peer SIP Proxy IP: N/A
    Gateway IP: 162.162.162.1
    DNS1IP: 123.0.0.1
    DNS2IP: 123.0.0.2
    28-May-2008 18:46    555-1234    Rel 1.2 SCCP

Figure 5.3-1: Network Information Display

The first line under the Network Info header indicates that the phone is configured for IP operation. The second line indicates whether the phone is configured for Static or Dynamic IP addressing (DHCP). This is followed by the IP address of the phone (whether assigned by an administrator in static mode or by a DHCP server in dynamic mode) and the netmask for the phone. The SIP proxy address is not applicable to phones configured for Cisco SCCP networks. Finally the addresses of the primary and secondary DNS servers are shown.

NOTE: Your Network Administrator may have elected to suppress the display of IP addresses as a security precaution. If so, all that will be displayed is the mode: Static or Dynamic.

5.3.3 Display Settings

Phone Settings >> Display Settings

The Display Settings dialog allows you to change the backlight intensity and display contrast.

5.3.3.1 Backlight

To change the Backlight intensity, scroll to Backlight and press ENTER. Use the up/down scroll keys to change the intensity, then press ENTER when you are satisfied.

5.3.3.2 Contrast

To change the contrast, scroll to Contrast and press ENTER. Use the up/down scroll keys to change the contrast, then press ENTER when you are satisfied.

5.3.4 Purge Call History

Phone Settings >> Purge Call History

Select Purge Call History to clear the call histories and the redial buffer.

6 Controlling the vIPer via the Red Data Port

The TalkSECURE vIPer Phone may be controlled by the use of AT (ATtention) Commands by a Host Computer (or other device) connected to the TalkSECURE vIPer Phone’s Red Data Port. Control is limited to the set of AT Commands defined in AT Command Support (page 92).
You, and/or a software application on your Host Computer, may use AT Command text strings to control the TalkSECURE vIPer Phone like an external modem. AT Commands can be issued to the TalkSECURE vIPer Phone in two ways:

• Manually typing in the commands via a serial terminal emulation program such as HyperTerminal, Tera Term (Pro), or Procomm.
• Automatically, by software packages that know how to control modems using AT Commands, such as Windows Dial-Up-Networking or via the “auto-dialing” abilities of a terminal emulator.

6.1 Connecting to the Red Data Port

The Red Data Port is a shared port, providing both a standard DB-9 RS-232 connector and a B style USB connector. The Red Data Port is located on the back of the vIPer Phone and is labeled SECURE DATA/FILL.

NOTE: The USB Red Data Port Driver must be installed on your computer before you can use the USB Red Data Port on the TalkSECURE vIPer. See USB Red Data Port Driver Installation and Use (page 91) for more information.

NOTE: The Red Data Port will automatically switch between USB and RS-232 based on what is connected. Both USB and RS-232 cannot be used simultaneously. If both are connected at the same time, the USB port has priority. If you have been using one port, then need to use the other, it may be necessary to remove and reapply power, or execute the Service Menu System Retest function (see System Retest on page 79).

6.2 Modem Operations

Applications running on your computer can communicate with external modems, such as the vIPer Phone, either directly or through the Windows operating system by using a modem driver. A modem driver defines the set of AT (i.e. modem) commands that a specific device supports for various modem operations.

The modem driver for the TalkSECURE vIPer Phone is included on your distribution CD and may also be obtained by contacting Customer Support (page 115). For instructions on installing the modem driver see Installing the Red Data Port Modem Driver (page 89).
Some applications, such as Dial-Up Networking, require the use of a modem driver in order to work. These applications must be able to control external modems automatically, and it is the modem driver that provides modem control information to the operating system and to the application that uses the modem driver.

NOTE: The details of setting up the Windows operating system and applications after installing the vIPer Phone Modem Driver are not covered here. Refer to your Microsoft® Windows and application documentation and help files for more information.

Other applications, such as HyperTerminal or ProComm, allow you to connect directly to the COM port to communicate to an external modem. For these applications, installation of a modem driver is not required. However, if you want to use the enhanced features of these applications, installation and use of the appropriate modem driver can provide extended abilities, such as the ability to have an application dial a number and connect you to the remote device.

If you choose to have an application connect directly to a COM port without using a modem driver, you will typically have to provide all AT commands to the modem manually; most applications will not attempt to send commands to a modem without a modem driver.

If you intend to control the TalkSECURE vIPer Phone by manually typing in commands, you should become familiar with the AT Commands supported by the TalkSECURE vIPer Phone and the responses to these AT Commands. Refer to AT Command Support (page 92) for more information on the supported AT commands.

NOTE: Consult the program manual for your Host Computer’s terminal emulation application for details on how to create scripts and transmit AT Commands to the TalkSECURE vIPer Phone.

6.3 Red Data Port Control Modes

The Red Data Port (RDP) supports three control modes: Command, Connecting, and Online. The Control modes are active during specific TalkSECURE vIPer Phone states.
Table 6.3-1 (page 88) shows the RDP Control modes versus TalkSECURE vIPer Phone states.

Table 6.3-1: Red Data Port Control Modes

                        RDP Control Modes
vIPer States            Command    Connecting    Online
Idle, On or Off Hook    •
Clear Voice             •
Secure Call Setup                  •
Secure Voice            •
Secure Data             •                        • (1)
Key Generation          Data Port is not active.

(1) This is the default mode for Secure Data.

6.3.1 Command Mode

When the RDP is in the Command mode, you can send AT commands to control the local vIPer Phone. When the vIPer Phone is in the Secure Data state, you may transition from the Online mode to the Command mode by sending the escape sequence (+++) to the local vIPer Phone. To return to Online mode from Command Mode, send the Online AT Command (ATO).

NOTE: The “+++” must be preceded and followed by a one-second guard time of sending no data.

NOTE: After you enter a “+++” to enter the Command mode, your TalkSECURE vIPer Phone will be unable to receive Secure Dial digits or a Mode Change until you type “ATO” to return to the Online mode. Once back in Online mode, you will receive the Secure Dial digits or Mode Change that were sent earlier.

6.3.2 Connecting Mode

When the RDP is in the Connecting mode, the TalkSECURE vIPer Phone is communicating with the far-end equipment to establish a data call. When a Secure Data call is being set up (i.e., after the Answer AT Command (ATA) or Dial AT Command (ATD) is sent to the TalkSECURE vIPer Phone but before the CONNECT response is received from the TalkSECURE vIPer Phone), any character sent to the TalkSECURE vIPer Phone from your Host Computer (or Data Terminal Equipment - DTE) causes the TalkSECURE vIPer Phone to return to the Idle, On Hook state (thus terminating the call and causing the TalkSECURE vIPer Phone to reenter the Command mode).
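
The mode rules in 6.3.1 and 6.3.2 can be modelled on the host side, so that a script knows whether the characters it is about to send will be read as AT commands, carried as payload, or abort call setup. The Python model below is an added example, not General Dynamics code: the class and method names, the timestamps and the sample "CONNECT 9600" response are constructed, and it assumes that a "+++" which misses either guard time is passed through as payload.

```python
from enum import Enum

GUARD_SECONDS = 1.0  # guide: "+++" needs one second of silence before and after


class Mode(Enum):
    COMMAND = "Command"
    CONNECTING = "Connecting"
    ONLINE = "Online"


class RdpModeTracker:
    """Host-side model of the Red Data Port control modes (6.3.1, 6.3.2).

    Assumption, not stated in the guide: a "+++" that misses either guard
    time is passed through as payload. Each host_sends() call is one burst.
    """

    def __init__(self):
        self.mode = Mode.COMMAND
        self.call_up = False      # True once the phone has reported CONNECT
        self.notes = []           # (time, text) trail of mode-relevant events
        self._last_tx = None      # time of the last character the host sent
        self._escape_at = None    # time a candidate "+++" was sent
        self._line = ""           # partial command line while in Command mode

    def _settle(self, t):
        """Accept a pending escape once the trailing guard time has elapsed."""
        if self._escape_at is not None and t - self._escape_at >= GUARD_SECONDS:
            self.mode = Mode.COMMAND
            self.notes.append((self._escape_at + GUARD_SECONDS, "escape accepted"))
            self._escape_at = None

    def mode_at(self, t):
        self._settle(t)
        return self.mode

    def _abort_setup(self, t):
        # 6.3.2: any character from the host during call setup drops the call.
        self.mode, self.call_up = Mode.COMMAND, False
        self.notes.append((t, "call setup aborted by host character"))

    def host_sends(self, t, data):
        self._settle(t)
        if self.mode is Mode.CONNECTING:
            self._abort_setup(t)
        elif self.mode is Mode.ONLINE:
            quiet = self._last_tx is None or t - self._last_tx >= GUARD_SECONDS
            if self._escape_at is not None:
                self._escape_at = None
                self.notes.append((t, "escape cancelled, trailing guard broken"))
            elif data == "+++" and quiet:
                self._escape_at = t   # decided by _settle() one second later
            # everything else is payload for the far end, never a command
        else:
            self._command_chars(t, data)
        self._last_tx = t
        return self.mode

    def _command_chars(self, t, data):
        for i, ch in enumerate(data):
            if ch != "\r":
                self._line += ch
                continue
            line, self._line = self._line.strip().upper(), ""
            if line == "ATO" and self.call_up:
                self.mode = Mode.ONLINE
                return
            if not self.call_up and (line == "ATA" or line.startswith("ATD")):
                self.mode = Mode.CONNECTING
                if data[i + 1:]:          # trailing characters in the same burst
                    self._abort_setup(t)
                return

    def phone_responds(self, t, text):
        self._settle(t)
        if self.mode is Mode.CONNECTING:
            if text.startswith("CONNECT"):
                self.mode, self.call_up = Mode.ONLINE, True
            elif text.startswith("NO CARRIER"):
                self.mode, self.call_up = Mode.COMMAND, False
        return self.mode


def demo():
    """Constructed session: dial, go Online, two "+++" attempts, then ATO."""
    rdp = RdpModeTracker()
    steps = [
        rdp.host_sends(0.0, "ATD5551234\r"),       # Connecting
        rdp.phone_responds(4.0, "CONNECT 9600"),   # Online
        rdp.host_sends(5.0, "report +++ body"),    # payload, still Online
        rdp.host_sends(5.2, "+++"),                # no leading guard: payload
        rdp.mode_at(7.0),                          # still Online
        rdp.host_sends(7.0, "+++"),                # 1.8 s quiet: candidate escape
        rdp.mode_at(7.5),                          # trailing guard not yet elapsed
        rdp.mode_at(8.0),                          # Command
        rdp.host_sends(8.1, "ATO\r"),              # back Online
    ]
    return [m.value for m in steps]
```

Because the model applies the "any character" rule of 6.3.2 literally, a line feed sent straight after the carriage return of ATA or ATD counts as an abort; the guide does not say whether the phone treats a line feed that way.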
6.3.3 Online Mode

When the RDP is in the Online mode and the TalkSECURE vIPer Phone is in the Secure Data state, the Host Computer receives and transmits data asynchronously from and to the far-end equipment. That is, the TalkSECURE vIPer Phone is encrypting asynchronous data received from your local Host Computer and sending it to the far-end, and decrypting data received from the far-end and then sending it to your local Host Computer.

AT command processing does not occur in Online mode. To enter Command mode, send the escape sequence (+++) to the TalkSECURE vIPer Phone. To return to Online mode from Command Mode, send the Online AT Command (ATO).

NOTE: The “+++” must be preceded and followed by a one-second guard time of sending no data.

NOTE: After you enter a “+++” to enter the Command mode, your TalkSECURE vIPer Phone will be unable to receive Secure Dial digits or a Mode Change until you type “ATO” to return to the Online mode. Once back in Online mode, you will receive the Secure Dial digits or Mode Change that were sent earlier.

6.4 Red Data Port Modem Driver

The modem driver for the TalkSECURE vIPer Phone allows applications running on your computer to communicate with the vIPer Phone, either directly or through the Windows operating system. The modem driver defines the set of AT (i.e. modem) commands that the TalkSECURE vIPer Phone supports for various modem operations. The modem driver is included on your distribution CD and may also be obtained by contacting Customer Support (page 115).

6.4.1 Installing the Red Data Port Modem Driver

To install the Red Data Port Modem Driver on your computer, follow these steps:

1. Close or disable any programs that normally use the COM port you are planning to connect to the vIPer Phone.
2. Connect the PC to the Red Data Port (either the USB or RS-232) of the vIPer.
3. Insert the CDROM into the computer’s CDROM drive.
Otherwise, ensure that this Driver file is accessible to the computer on the local hard drive or via a computer network connection. Note: Driver file name format is: sectera_viper_x.inf, where ‘x’ is a multi-character Driver file version number.
4. Click on the Start menu and select Control Panel. The Control Panel window will pop up. Select Phone and Modem Options. A Phone and Modem Options window will pop up.
5. On the Phone and Modem Options window, select the Modems tab.
6. On the Modems Properties window, click the Add button. The Add Hardware Wizard window will pop up asking if you want Windows to detect a new modem.
7. On the Add Hardware Wizard window, put a check mark into the “Don’t detect my modem; I will select it from a list.” option. Click the Next button. Windows will gather information on all of the modem types it has stored internally, and will display this information.
8. On the Add Hardware Wizard window, click the “Have Disk” button. (Do this even if the Driver file is on the local hard drive or on the local network.) An Install From Disk window will pop up.
9. On the Install from Disk window, select the drive and directory containing the Sectéra Driver file (sectera_viper_x.inf where ‘x’ is a multi-character version number). You may use the Browse button of this window to locate the file on any local computer drive or in the Network Neighborhood and click the Open button.
10. Once the directory containing the Driver file has been highlighted on the Install From Disk window, click the OK button.
11. The Host Computer will read the Driver file and will display a list of modem drivers that can be installed.
12. A warning message will appear at the bottom of the Add Hardware Wizard window saying: “This driver is not digitally signed”. This is because the sectera_viper_x.inf file is not digitally signed. Ignore this message.
13. Select the “Sectera vIPer Phone”. Click the Next button.
14.
The Install New Modem window will display a list of COM ports to which you may attach the vIPer Phone. Select the COM port or ports you want to use with your vIPer Phone(s) and click the Next button.
15. Windows XP will attempt to install the modem driver and will indicate the successful installation in the Install New Modem window. Press the Finish button to complete the installation.
16. The Modems Properties window will now display the newly installed vIPer Phone modem. The default properties should suffice for normal use at a data port rate of 115,200 bps. If you wish to change these settings, click the Properties button. Note that the vIPer Phone only supports Hardware Flow Control, 8 bit data, 1 stop bit, and no parity. The data port rate of the vIPer Phone must match the data port rate on the Host Computer set in the Modem Properties setting. See section 5.2.6.3.1 Data Port Rate for information on changing the data port rate of the vIPer Phone.
17. Select the newly installed vIPer Phone modem driver and click the OK button.
18. Installation of the vIPer Phone modem driver is now complete. Re-start the computer to make all of the settings take effect.

If you want to use the vIPer Phone for Dial-Up Networking, refer to the Microsoft® Windows documentation for setup instructions for these abilities.

6.4.2 Uninstalling the Red Data Port Modem Driver

To uninstall the Red Data Port Modem Driver on your computer, follow these steps:

1. Disconnect the vIPer Phone from the computer.
2. Click on the Start menu and select Control Panel. The Control Panel window will pop up. Select Phone and Modem Options. A Phone and Modem Options window will pop up.
3. On the Phone and Modem Options window, select the Modems tab.
4. On the Modems window, highlight the vIPer Phone and click the Remove button.
6.5 USB Red Data Port Driver Installation and Use

The USB Red Data Port Driver is included on your distribution CD and can also be obtained by contacting Customer Support (page 115). This driver must be installed on your computer before you can use the USB Red Data Port on the vIPer Phone.

The USB Red Data Port driver creates a virtual COM port on your computer and generally assigns the next highest COM port to the USB Red Data Port. For example, if you have a computer with no modem, it will create COM3 and assign it to the USB Red Data Port. If you have a computer with a modem, it will create COM4 and assign it to the USB Red Data Port.

6.5.1 Installing the USB Red Data Port Driver

To install the USB Red Data Port Driver on your computer and connect your computer to the USB Red Data Port, follow these steps:

1. Insert the distribution CD into your CD drive. Open the Utilities Folder and then the USB Red Data Port Driver Folder.
2. Double click on PreInstaller.exe. The Install Driver window will appear. Click on Install. You will see Installation Successful.
3. Plug one end of the USB cable into the SECURE DATA/FILL USB port on the back of the vIPer Phone and the other end into the USB port on your computer.
4. The Welcome to the Found New Hardware Wizard window will appear.
5. Click on No, not this time and then click Next.
6. Click on Install from a list or specific location (Advanced) and then click Next.
7. Click on Search removable media (floppy, CD-ROM…) and click Next.
8. The Completing the Found New Hardware Wizard window will appear and will say “The wizard has finished installing the software for CP210x USB Composite Device”. Click Finish.
9. You have successfully set up the USB. Now repeat steps 4 through 7 to set up the COM bridge.
10. The Completing the Found New Hardware Wizard window will appear and will say “The wizard has finished installing the software for CP210x USB to UART Bridge Controller”. Click Finish.
11.
The Found New Hardware balloon will appear in bottom right corner of your computer screen and say “Your new hardware is installed and ready to use”.

After the driver is installed, you can use the USB Port of your computer with any serial communication application to control the vIPer Phone (e.g. send AT commands or perform a security software update).

6.5.2 Creating a Basic HyperTerminal Session

To communicate with your vIPer Phone using HyperTerminal, follow these steps:

1. On your vIPer Phone, press the Security soft key and then set the Configuration Menu->Red Data Port->Data Port Rate to 9600.
2. On your computer, click Start, located in the lower left-hand corner.
3. Click Programs.
4. Click Accessories.
5. Click Communications.
6. Click HyperTerminal. A HyperTerminal window will appear.
7. Enter a descriptive name, select an appropriate icon, and click OK.
8. Select the COM Port you wish to use from the pull down menu next to “Connect using:” and then click OK.
9. Select the following and then click OK: Bits per second: 9600, Data bits: 8, Parity: None, Stop bits: 1 and Flow control: Hardware
10. On the HyperTerminal screen, type “AT”, press ENTER, and verify that “OK” is displayed. You should see information similar to this displayed on the HyperTerminal bottom bar: “Connected: 00:00:07 Auto detect 115200 8-N-1”. Once this occurs, you have a working HyperTerminal session. This proves that the USB Red Data Port is working.
11. The most common errors that have occurred if you get no “OK” response are that the baud rate is set incorrectly or the wrong COM Port has been selected. If you are unable to see the text you typed or if you get a “0” response, type “ATE1V1” and press ENTER. Then type “AT”, press ENTER, and verify that “OK” is displayed.

6.5.3 Uninstalling the USB Red Data Port Driver

If you have any problems using the USB Red Data Port Driver, remove and reinstall the driver.
To uninstall the USB Red Data Port Driver, follow these steps:

1. Access the Control Panel on your computer.
2. Select Add or Remove Programs.
3. Select CP210x USB to UART Bridge Controller.
4. Select Change/Remove.

To reinstall the USB Red Data Port Driver, see Installing the USB Red Data Port Driver (page 91). If you continue to have problems, contact Customer Support (page 115) for assistance.

6.6 AT Command Support

This section describes the AT commands supported by the TalkSECURE vIPer Phone.

6.6.1 AT Command Message Format

The AT command set has the following format: AT XX [YYYY]<CR>. The format is described in Table 6.6-1. For details about a particular command and its response, refer to AT Command Set (page 93). All commands will return a response in the verbose format (e.g., OK vs. 0).

Table 6.6-1: AT Command Format

Command: AT
Meaning: The two-character string prefix used to define an incoming command. Commands may be upper or lower case. The ‘A’ and the ‘T’ must be the same case (e.g., either “at” or “AT”).

Command: XX
Meaning: A character string used to represent a command. This string is case insensitive. For additional details, refer to the AT Command Set in Table 6.6-2 (page 93).

Command: [YYYY]
Meaning: A character string used as a data field for the command. This string is optional for some AT Commands and is case insensitive. If not present, the message contains no data OR the default data parameter is evaluated as 0. For additional details, refer to the AT Command Set in Table 6.6-2 (page 93).

Command: <CR>
Meaning: All AT commands (or command strings) are terminated with a carriage return (ASCII 0D(hex)).

6.6.2 AT Command Strings

AT commands can be strung together bounded by a single “AT” and <CR>. In general, the AT command string has the following string command format:

AT XX[YYYY]AA[BBBB]CC[DDDD]…<CR>

Where XX, AA, and CC are commands with their respective parameters shown in brackets [ ].
The AT string may consist of any number of commands in a sequence up to a maximum character length of 143 including the AT and <CR>. A single response will be issued for the command string, unless there are commands in the string for which special data is also returned. If an error is detected in the command string, a single error response is issued. Commands up to the error are performed, while subsequent commands in the string are ignored.

6.6.3 AT Command Set

The AT commands supported by the vIPer Phone and the expected responses to the commands are listed in Table 6.6-2 (page 93). For error responses and descriptions, see Table 6.6-5 (page 102).

Some AT Commands require Access Control to be satisfied to allow the command to be accepted. AT Command Access Control is satisfied by entering the Master PIN when the Restricted Access model is active or by entering the User ID PIN when the Controlled Access model is active. Refer to Access Control Models (page 26) for more information.

Table 6.6-2 (page 93) describes the AT commands supported by your phone for use in remote control situations. AT commands can be sent to the phone via the Red Data Port or Red USB Port using a terminal emulation program. If you get an error response when you enter an AT command, see Table 6.6-5 (page 102) for the error description.

Table 6.6-2: AT Commands

AT Command: ATA
Data Format: none
Function: Answer Call - Directs the vIPer Phone to establish a Secure Data call by going off-hook (when on-hook), establishing the digital pipe, and then establishing a secure call. This command should be used to initiate a Secure Data call from a Clear Voice call or when on-hook, to answer an incoming call.
Note: ATA should be the last command in a command string; otherwise, the commands following the ‘A’ are ignored.
Response: “CONNECT <data rate>” or “NO CARRIER”
ATDn
  Data Format: Values for n: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, *, #, A, B, C, D. Any characters not listed are ignored.
  Function: Directs the vIPer Phone to go off-hook, dial number n (if present), then enter the Secure Responder state and wait for the remote SCIP device to initiate SCIP signaling. The Dial AT Command (ATD) may be aborted and the call placed on hook at any time by sending a character to the DATA port.
    Note: ATDn should be the last command in a command string; otherwise, the commands following the ‘Dn’ are ignored.
  Response: “CONNECT <data rate>” or “NO CARRIER”. <data rate> is the maximum data rate the modem will support for the call but this does not indicate the maximum user data rate due to SCIP security overhead data.

ATDr
  Data Format: Values for r:
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, *, #, A, B, C, D
    H  Hookflash
    R  Hookswitch reset
    E  End of dialing
    F  Go off-hook
    T  Use tone dialing
    N  Go on-hook
    P  Use pulse dialing
    ,  Pause in dialing, causes a 1 second delay to be inserted in DTMF tones at playback on remote side.
    ;  Ignore the ‘Dn’ message preceding the ‘;’ and ignore any follow-on commands after the ‘;’ that are part of the command line.
    Any characters not listed are ignored.
  Function: Secure Dial – When a secure session is in place, any digits entered after the ATD command are encrypted and sent to the remote device.
    Note: ATDr needs to be the last command in a command string; otherwise, the commands following the ‘Dr’ are ignored.
  Response: “OK” or “ERROR”

ATE
  Data Format: 0 = Disabled, 1 = Enabled (Default)
  Function: Directs the vIPer Phone to echo received characters back to the Host Computer.
  Response: “OK” or “ERROR”

ATHn
  Data Format: 0 = On-hook, 1 = Off-hook
  Function: Directs the vIPer Phone to go on-hook or off-hook.
    Note: ATH1 is ignored.
  Response: “OK” or “ERROR”

ATI10
  Data Format: none
  Function: Report Product TSN (Terminal Serial Number)
  Response: I10:<TSN>

ATI11
  Data Format: none
  Function: Report Version Number
  Response: I11:<versions> [3]

ATO
  Data Format: none
  Function: Return to On-line Data Mode
  Response: OK or ERROR

ATQ
  Data Format: 0 = Enable return of result code.
  Function: Enables or Disables the sending of result codes to the DTE. For compatibility only, the return of result codes cannot be disabled.
  Response: OK

ATSn=v
  Data Format: none
  Function: For compatibility only, has no effect on the vIPer Phone. The n=v information is ignored.
  Response: OK

ATV
  Data Format: 0 = terse, 1 = verbose
  Function: Result Code Form
  Response: OK or ERROR

ATZn
  Data Format: none
  Function: Sets the value of Echo to 1 (Echo On). The value ‘n’ is ignored. This command needs to be the last command in a command string;
  Response: OK or ERROR

AT&Vn
  Data Format: 0 = Display current terminal configuration.
  Function: Display current terminal configuration: echo and verbose settings and the straps associated with the AT~FH command.
  Response: OK or ERROR

AT~CD
  Data Format: 0 = Personal Contacts (default), 1 = Inbound Calls, 2 = Outbound Calls, 3 = Speed Dial
  Function: Deletes all entries in the specified directory.
  Response: OK or ERROR

AT~DA
  Data Format: none
  Function: Clear Status Buffer
  Response: OK

AT~DB
  Data Format: none
  Function: Report Status Buffer
  Response: Variable length buffer contents

AT~DD
  Data Format: none
  Function: Request Display Lines
  Response: Variable length text

AT~DE
  Data Format: none
  Function: Network Status
  Response: Variable length text

AT~DG
  Data Format: none
  Function: Power On Self Test (POST) Status
  Response: Variable length text

[3] Versions consists of a concatenation of processor versions in the format “MMMMmmmmbbbb” where MMMM is the major version, mmmm is the minor version, and bbbb is the build number. The order of versions is: SCP Boot, SCP Oper, VP Boot, VP Oper, FPGA, Network Proc Boot, Network Proc Oper, Network Proc Cure, HMI Boot, HMI Oper.

AT~FA
  Data Format: none
  Function: Request Far-end Authentication
  Response: Variable length text

AT~FH
  Data Format: variable length code per Table 6.6-4
  Function: Set Straps
  Response: OK or ERROR

AT~FK
  Data Format: 2-digit code per Table 6.6-3
  Function: Remote Keypress
  Response: OK or ERROR, depending on code

AT~FMK
  Data Format: Octets 0-1 see Table 6.6-3, octets 2-3 keypress count, range 01 to 99
  Function: Multiple Remote Keypress – effectively actuates a keypress from 1 to 99 times. Example: AT~FMK1402 presses the EXIT key two times.
  Response: OK or ERROR depending on code

AT~FX
  Data Format: none
  Function: System Retest
  Response: OK

AT~FZ
  Data Format: A = all
  Function: Zeroize all Keys and User IDs
  Response: OK or ERROR

AT~FZ C
  Function: Zeroize Confirmation. Must be sent immediately after AT~FZ above to confirm zeroize request.
  Response: OK

AT~TE
  Data Format: 0,x where x = 0 – off, 1 – low, 2 – low/mid, 3 – mid, 4 – high/mid, 5 – high
  Function: Backlight Control. Example: AT~TE0,3 sets backlight to mid.
  Response: OK or ERROR

AT~TF
  Data Format: xx, where xx is in the range 00 (lowest) to 11 (highest)
  Function: Contrast Control
  Response: OK or ERROR

Table 6.6-3: Keypress Codes

Code = Key
  00 = 0
  01 = 1
  02 = 2
  03 = 3
  04 = 4
  05 = 5
  06 = 6
  07 = 7
  08 = 8
  09 = 9
  0A = *
  0B = #
  10 = SECURE
  11 = CLEAR
  12 = Scroll down
  13 = ENTER
  14 = EXIT
  15 = Scroll Up
  16 = MODE
  17 = Soft key 1
  18 = Soft key 2
  19 = Soft key 3
  1A = Soft key 4
  1B = Soft key 5
  1C = Soft key 6
  1D = MUTE
  20 = SPEAKER
  21 = HEADSET
  22 = REDIAL
  23 = DIRECTORY
  24 = CONFERENCE
  25 = SPEED DIAL
  26 = VOICE MAIL
  27 = FLASH
  28 = HOLD
  29 = LINE
  Other = Responds with Error

Table 6.6-4: Set Straps Data Fields

Field: Data[0...1]
Value (ASCII): Strap ID:
  01 – Set Voice Min/Max Security Level
  07 – SCIP Timeouts
  08 – Set Data Min/Max Security Level
  0B – Auto Lock
  13 – Secure Voice Application Control
  15 – Secure Data Application Control
  16 – Auto Answer Ring
  20 – Allow Speakerphone
  23 – Allow Black Computer Port
  25 – Allow Web Management
  Others – Reserved – do not use

Field: Data[2..5]
Value (ASCII): Set Voice Min/Max Security Level:
  NOTE: Access control must be satisfied before this command will be accepted.
  Data[2...3] sets the minimum voice security level, while Data[4...5] sets the maximum voice security level.
  Min/Max Encoding:
    0F = Secure APK
    10 = Protected
  Example: AT~FH010F10 sets the min voice level to Secure APK and the max voice level to Protected.
Field: Data[2...3]
Value (ASCII): SCIP Timeouts Strap:
    01 = Normal
    02 = Extended 1
    04 = Extended 2
    07 = Extended 3
  Example: AT~FH0702 selects Extended 1 SCIP timeouts.

Field: Data[2..5]
Value (ASCII): Set Data Min/Max Security Level:
  NOTE: Access control must be satisfied before this command will be accepted.
  Data[2...3] sets the minimum data security level, while Data[4...5] sets the maximum data security level.
  Min/Max Encoding:
    0F = Secure APK
    11 = Protected
  Example: AT~FH080F10 sets the min data level to Secure APK and the max data level to Protected.

Field: Data[2...5]
Value (ASCII): Auto Lock Strap:
  NOTE: Access control must be satisfied before changes are allowed. See also Auto Lock (page 72).
  Octets 2-3:
    01 = Enabled
    02 = Disabled
  Octets 4-5:
    01 – 99 = the PIN timeout value in minutes. If the strap is set to Disabled, you must still provide Octets 4-5, but they are ignored by the phone.
  Example: AT~FH0B0115 enables Auto Lock and sets the timeout to 15 minutes.

Field: Data[2...3]
Value (ASCII): Secure Voice Application Control Strap:
  NOTE: Access control must be satisfied before changes are allowed. See also Secure Application Control (page 74).
    01 = Enabled + AutoSecure (ASEC) ON
    02 = Enabled + AutoSecure (ASEC) OFF
    04 = Secure Voice Disabled (not recommended)
  Example: AT~FH1301 enables AutoSecure for voice.

Field: Data[2...3]
Value (ASCII): Secure Data Application Control Strap:
  NOTE: Access control must be satisfied before changes are allowed. See also Secure Application Control (page 74).
    01 = Enabled + AutoAnswer (AANS) ON
    02 = Enabled + AutoAnswer (AANS) OFF
    04 = Secure Data Disabled
  Example: AT~FH1501 enables AutoAnswer (AANS) for secure data.

Field: Data[2...3]
Value (ASCII): Secure Data Auto Answer Ring Strap:
  NOTE: Access control must be satisfied before changes are allowed. See also Secure Application Control (page 74).
    01 – 09, the ring on which to auto answer secure data, if it is enabled
  Example: AT~FH1601 will answer on the 1st ring.
Field: Data[2...3]
Value (ASCII): Allow Speakerphone Strap:
  NOTE: Access control must be satisfied before changes are allowed. See also Secure Application Control (page 74).
    01 = Enabled
    02 = Disabled
  Example: AT~FH2001 disables Speakerphone use.

Field: Data[2...3]
Value (ASCII): Allow Black Computer Port:
  NOTE: Access control must be satisfied before changes are allowed. See also Secure Application Control (page 74).
    01 = Enabled
    02 = Disabled
  Example: AT~FH2301 disables the Black Computer Port.

Field: Data[2...3]
Value (ASCII): Allow Web Management:
  NOTE: Access control must be satisfied before changes are allowed. See also Secure Application Control (page 74).
    01 = Enabled
    02 = Disabled
  Example: AT~FH2501 disables Web Management.

Table 6.6-5: AT Command Error Codes

Error Code 0000
  Category: Processing Error
  Description: Failed to process the command due to an internal error.

Error Code 0001
  Category: Message Not Supported
  Description: The message was not a recognizable AT Command.

Error Code 0003
  Category: Invalid State
  Description: The AT Command is invalid in the current vIPer Phone state.

Error Code 0004
  Category: Invalid Data
  Description: Some or all data was out of range or the data string was of incorrect length.

Error Code 0005
  Category: CRC or Signature Failure
  Description: The received data failed the associated CRC or Signature check.

Error Code 0006
  Category: Master or User ID PIN Not Entered
  Description: The Master or User ID PIN needs to be entered before this command is acted on. Refer to Access Control (page 26) for additional information.

Error Code 000B
  Category: Secure Call Setup Failure
  Description: The secure call could not be setup. Refer to Table 4.2-3 (page 49).

Error Code 000C
  Category: Parameters Out of Order
  Description: Parameters which need to be entered in a specific order have been entered in the wrong order; e.g. ACL Header after DAO, or DAO after KMID.

Error Code 000D
  Category: Overflow
  Description: An attempt has been made to enter too many parameters in a list with a limited number of parameters; e.g. more than 500 DAO and KMID parameters in the ACL list.
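The following Python code is an added example, not part of the General Dynamics guide or its software: it decodes AT~FH (Set Straps) commands with the encodings from Table 6.6-4 so that a provisioning script can be reviewed before it is sent to the phone. The function names, finding texts and sample script are constructed for illustration; value fields are decoded only for straps 01, 07, 0B, 13, 15 and 16, and the remaining strap IDs are reported by name.

```python
from dataclasses import dataclass, field

MAX_AT_LINE = 143  # section 6.6.2: limit counts the leading "AT" and the <CR>
# Strap IDs from Data[0...1] in Table 6.6-4; every other ID is reserved.
STRAP_NAMES = {
    "01": "Set Voice Min/Max Security Level", "07": "SCIP Timeouts",
    "08": "Set Data Min/Max Security Level", "0B": "Auto Lock",
    "13": "Secure Voice Application Control",
    "15": "Secure Data Application Control", "16": "Auto Answer Ring",
    "20": "Allow Speakerphone", "23": "Allow Black Computer Port",
    "25": "Allow Web Management",
}
# The table attaches an access-control NOTE to every strap except 07.
NEEDS_ACCESS_CONTROL = set(STRAP_NAMES) - {"07"}
VOICE_LEVELS = {"0F": "Secure APK", "10": "Protected"}
ON_OFF = {"01": "Enabled", "02": "Disabled"}
# Straps whose whole value is one 2-character code: (table, label).
SINGLE_CODE = {
    "07": ({"01": "Normal", "02": "Extended 1", "04": "Extended 2",
            "07": "Extended 3"}, "timeout"),
    "13": ({"01": "Enabled + AutoSecure (ASEC) ON",
            "02": "Enabled + AutoSecure (ASEC) OFF",
            "04": "Secure Voice Disabled"}, "voice control value"),
    "15": ({"01": "Enabled + AutoAnswer (AANS) ON",
            "02": "Enabled + AutoAnswer (AANS) OFF",
            "04": "Secure Data Disabled"}, "data control value"),
    "16": ({f"0{n}": f"answer on ring {n}" for n in range(1, 10)}, "ring"),
}
VALUE_LEN = {"01": 4, "0B": 4, **{sid: 2 for sid in SINGLE_CODE}}


@dataclass
class StrapReport:
    command: str
    strap: str = ""
    setting: str = ""
    needs_access_control: bool = False
    findings: list = field(default_factory=list)


def _lookup(table, code, rep, what):
    """Decode one value field; record a finding when it is not in the table."""
    if code not in table:
        rep.findings.append(f"invalid: {what} {code!r} is not in Table 6.6-4")
        return "?"
    return table[code]


def audit_strap(line):
    """Decode one AT~FH command (trailing <CR> optional) and collect findings."""
    rep = StrapReport(command=line.rstrip("\r"))
    if len(rep.command) + 1 > MAX_AT_LINE:
        rep.findings.append("invalid: over 143 characters with AT and <CR>")
    if not rep.command.startswith("AT~FH"):
        rep.findings.append("invalid: not an AT~FH command")
        return rep
    sid, val = rep.command[5:7], rep.command[7:]
    if sid not in STRAP_NAMES:
        rep.findings.append(f"invalid: strap ID {sid!r} is reserved, do not use")
        return rep
    rep.strap = STRAP_NAMES[sid]
    rep.needs_access_control = sid in NEEDS_ACCESS_CONTROL
    if sid not in VALUE_LEN:
        rep.setting = f"raw value {val!r} (not decoded by this example)"
    elif len(val) != VALUE_LEN[sid]:
        rep.findings.append(
            f"invalid: expected {VALUE_LEN[sid]} value characters, got {len(val)}")
    elif sid == "01":
        low = _lookup(VOICE_LEVELS, val[:2], rep, "minimum level")
        high = _lookup(VOICE_LEVELS, val[2:], rep, "maximum level")
        rep.setting = f"min {low}, max {high}"
    elif sid == "0B":
        state, minutes = _lookup(ON_OFF, val[:2], rep, "Auto Lock state"), val[2:]
        if state == "Disabled":
            # The phone ignores the timeout octets here, but they must be present.
            rep.setting = "Disabled"
            rep.findings.append("review: Auto Lock disabled")  # assumed site policy
        elif minutes.isdecimal() and 1 <= int(minutes) <= 99:
            rep.setting = f"{state}, PIN timeout {int(minutes)} minutes"
        else:
            rep.findings.append(f"invalid: PIN timeout {minutes!r} is not 01-99")
    else:
        table, what = SINGLE_CODE[sid]
        rep.setting = _lookup(table, val, rep, what)
        if (sid, val) == ("13", "04"):
            rep.findings.append("review: Table 6.6-4 marks this not recommended")
    return rep


def audit_script(text):
    """Audit every non-blank line of a provisioning script."""
    return [audit_strap(ln.strip()) for ln in text.splitlines() if ln.strip()]


# Constructed sample: lines 1-3 and 6 are the guide's own examples; the rest
# are made up to exercise the checks.
SAMPLE_SCRIPT = ("AT~FH010F10\rAT~FH0702\rAT~FH0B0115\rAT~FH0B02\r"
                 "AT~FH1304\rAT~FH1601\rAT~FH1610\rAT~FH3001\rAT~FH2501\r")
```

Findings prefixed "invalid:" correspond to input the tables rule out (reserved strap ID, wrong length, unlisted value); findings prefixed "review:" are settings a reviewer may want confirmed before the script is run.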
7 Updating Network Software

Because the vIPer Phone must support many different networks it is necessary to provide the ability to separately update the network software. The Code Upgrade process is the means whereby the network software is updated.

Normally your Network Administrator will ensure that you have the proper network software for your installation. Should you need to update the network software yourself, consult the Sectéra and TalkSECURE vIPer Phone Administrator’s Manual.

8 Updating Security Software

The security software is separately updateable from the network software. You may obtain the software update package from your Security Administrator or by contacting Customer Support (page 115). Follow your organization’s procedures for obtaining and loading software.

Refer to the Sectéra and TalkSECURE vIPer Software Update User’s Manual, included on the distribution CD packed with your vIPer Phone, for detailed instructions on updating your security software.

9 User Maintenance

The vIPer Phone requires the following minimal maintenance:
• Periodically cleaning the case with a soft, dry cloth,
• Checking the condition of the case, cables, and connections, and
• Periodically charging the internal battery if the phone is disconnected from a power source for long periods of time.

WARNING: The vIPer Phone is equipped with an internal lithium ion rechargeable battery that provides power to critical circuitry. If this battery is allowed to discharge, your phone will lose its ability to place secure calls and will display “Tamper Detected.” The battery is sized to provide power to the circuitry for 48 months without recharging. If the phone is stored for long periods of time, it should be plugged into a power source for a minimum of two hours every 48 months to recharge the battery.
If the phone is stored at extreme temperatures, either hot or cold, it should be recharged more frequently. Store the phone in a cool, dry location (e.g. office environment) when not in use.

There are no user serviceable parts inside. Opening the case will render the phone cryptographically incapable. The case has tamper evident seals and is designed to facilitate inspection for tamper detection in environments where this is a concern.

WARNING: Opening the case of the vIPer Phone will render it cryptographically incapable. Should a phone be opened it can still be used in the clear (assuming no circuitry is damaged in the process) but cannot place or receive secure calls. You must return the phone to General Dynamics for servicing. General Dynamics may refuse service if it sees evidence of tampering.

10 If You Have Problems

If you encounter problems using your phone, we suggest you first ensure that you have followed the instructions in this guide and any applicable supplements. Then work through the Troubleshooting Guide and finally call your Network Administrator for help. If these attempts fail to fix the problem, call Customer Support (page 115) for additional help.

10.1 Troubleshooting Guide

Table 10.1-1: Troubleshooting - General Problems

Problem: Display is blank
Fault: Lack of power
Solution:
  If your network provides Power over Ethernet (PoE): Verify that the Ethernet cable from the network is connected to the 10/100 LAN connector. Try connecting the provided power adapter inline with your Ethernet cable. If the phone powers up, it is likely that your PoE is not compliant or your Ethernet connection is wired incorrectly.
  If your network does not provide PoE: Verify that the provided power adapter is connected correctly and that the wall outlet has power. It is easy to reverse connections on the power adapter.

Problem: The display shows: Error Detected Please Wait While Phone Resets
Fault: Internal error
Solution: Write down the eight digit error code shown on the display, then disconnect the 10/100 LAN cable and reconnect it. If this fails to correct the problem, contact Customer Support (page 115).

Problem: The top level menu is never displayed.
Fault: Internal error
Solution: Disconnect the 10/100 LAN cable and reconnect it. If this fails to correct the problem, contact Customer Support (page 115).

Problem: The display indicates Tamper Detected
Fault: Loss of tamper variables
Solution: This display can result from a number of conditions:
  • The internal lithium battery has failed.
  • Someone pressed the Depot Return switch (see Returns on page 115).
  • Someone has attempted to open the case or otherwise tamper with the phone.
  Contact Customer Support (page 115) for repair.

Table 10.1-2: Troubleshooting - Menu Access and Use

Problem: The display never shows the date or time
Fault: Network time server access
Solution: This problem can result from a number of conditions:
  • Network time server does not support SNTP
  • Your network does not have a time server
  • The time server address is configured incorrectly.
  Contact your Network Administrator. Not having a time display will not adversely affect the operation of the phone.

Problem: The PIN Menu option is not displayed
Fault: Access Control Configuration
Solution: Your vIPer Phone has not been configured with the Controlled or Restricted access control model. See Access Control (page 26) for more details.

Problem: You are unable to enter the Key Management Menu
Fault: Tamper detected
Solution: Your phone may have been tampered and must be returned for repair. Call Customer Support (page 115).

Problem: The Software Verification Result is Software Verify Failed
Fault: Security software compromised
Solution: Notify your security authority. DO NOT ATTEMPT TO PLACE A SECURE CALL. Contact Customer Support (page 115).

Problem: The Master PIN is not accepted and the Security Menu is not accessible
Fault: Deleted Master PIN
Solution: To recreate the Master PIN you first have to delete all existing Users. This will consequently delete all key material. You can then recreate the users and install new key material.

Table 10.1-3: Troubleshooting - Network Issues

Problem: The top level display shows “Unable to Register Phone” or “No CCM Available”
Fault: Phone cannot reach registrar
Solution: Disconnect and reconnect the network cable attached to the phone. Contact your Network Administrator if the problem persists.

Problem: Cannot access voice mail
Fault: Unable to reach voice mail server
Solution: This could indicate several possible problems:
  • Your voice mail server is down. Contact your Network Administrator.
  • Your network does not provide voice mail service.

Problem: Calls are not being forwarded.
Fault: Various
Solution: This could indicate one or more problems:
  • Forwarding is not enabled for your phone. Contact your Network Administrator.
  • You are trying to forward to an inactive number. Try forwarding to a different number.
  • You are trying to forward off-network and have no off-network connectivity. Contact your Network Admin.

Problem: The phone never rings.
Fault: Network connectivity issues
Solution: Have someone call your phone to verify there is a problem. If it still does not ring, check the following:
  • Your phone may not be registered. Check the on-hook top level display for the message “Unable to Register Phone” or “No CCM Available” – contact your Network Administrator.
  • Your telephone line may not be active or you may be connecting to the wrong telephone jack. Contact your Network Administrator.
  • Your phone may be forwarding all your calls. Contact your Network Administrator.

Problem: Voice quality is poor. Speech is choppy or missing segments. Calls may occasionally be dropped.
Fault: Network congestion
Solution: Note: The congestion may be on an external network and your local Network Administrator may not be able to correct the problem.

Problem: DHCP Server Unavailable is displayed instead of the local phone number.
Fault: The phone cannot obtain an IP address.
Solution: Contact your Network Administrator.

Problem: Phone Unavailable is displayed.
Fault: Your Network Admin may be changing the configuration.
Solution: Because your Network Administrator may be changing your phone’s configuration, you will want to wait until the Phone Unavailable display goes away. Then, your phone will recycle power.

Table 10.1-4: Troubleshooting - Software Update (Security Software)

Problem: Attempted to software update the phone and the PC Updater Application indicated that the phone could not be updated, or update “freezes”.
Fault: Various
Solution:
  • Verify that the phone is receiving power. This may require connecting the power adapter if you are not receiving power from the Ethernet connection. Try removing and reapplying power.
  • Verify that the phone is properly connected to the host computer providing the update.
  • Use PC Updater 2.3 or later.
  If the problem persists, contact Customer Support (page 115).

Problem: The PC Updater application reports: ERROR: Invalid Product Code
Fault: Incorrect software update package
Solution: Obtain the correct software update package and try again.

Problem: The PC Updater application reports: ERROR: CommPortError
Fault: Host computer port configured incorrectly
Solution: Verify that PC Updater Baud rate is set for 57600. Remove and reapply power to the phone and try again.

Problem: The PC Updater application reports: ERROR: AT ERROR response received
Fault: Phone not entering software update.
Solution: Try the following:
  • Enter the Master PIN if the phone is in the Restricted mode or the UserID PIN if in the Controlled mode.
  • Verify that the phone’s Configuration Menu Data Port Rate is set to 9600. PC Updater establishes communication with the phone at 9600 and then switches to the Baudrate displayed on its toolbar (e.g., 57600) to send the software packets.
  • If you are in Restricted mode and the Master PIN has been deleted, the phone will display Master PIN Reqd No Master PIN. You will need to delete all UserID PINs, which will consequently delete all key material. You can then perform Software Update. After the update, you will have to regenerate/reload all key material and recreate users.
  • If you are unable to enter the Key Management Menu, your phone may have been tampered. Contact Customer Support (page 115).

Problem: The software update stops at a high packet number (e.g. 44) with internal SCP error (0X51) and indicates “suseresponse-timerexpired”
Fault: The computer is sending data too slowly.
Solution: Try the following:
  • Place the software update file (.spd) on your desktop
  • Restart PC Updater and reload the update file for each software update
  • Make sure you are using a standard serial cable – not a null modem cable.
  • Try a different COM port. Sometimes COM3 is used as a modem port – avoid this port.
  • Reboot your host computer.
  • Try a different (faster) host computer.
  If problems persist, contact Customer Support (page 115).

Problem: The PC Updater application reports: “ERROR: Timeout on AT command, resending,” followed by “ERROR: Too many timeouts, stopping update”
Fault: PC Updater is not communicating with the phone
Solution: Try the following:
  • Verify the phone’s Configuration Menu Data Port Rate is set to 9600.
  • Re-power the phone, restart PC Updater, and try again
  • If you are using a USB to serial adapter, try a plain serial cable instead.
  • Verify that you are using a plain serial cable, not a null modem cable.
  • Try a different COM port. Sometimes COM3 is used as a modem port – avoid this port.
  If the problem persists, contact Customer Support (page 115).

Problem: Software Update appeared to finish, but the phone never displays its top level menu.
Fault: Incomplete software update.
Solution: Repeat the software update process.
Table 10.1-5: Troubleshooting - Network Software Upgrade (Code Upgrade)

Problem: Phone displays Terminal Unavailable – Code Upgrade Required – Contact System Admin
Fault: Phone requires an update of the network processor software
Solution: The phone waits for a Code Upgrade file to be uploaded via its Web Interface and will not service any calls. Connect a PC to the LAN port using a cross-over cable and browse to the address of http://192.168.1.3 to start the Code Upgrade process. More detail is in the Sectéra and TalkSECURE vIPer Phone Administrator’s Manual. See your COMSEC Custodian or Network Administrator if you need help.

Table 10.1-6: Troubleshooting - Group Key Processing

Problem: Cannot go secure using a specific Group Key – No Common Key is displayed.
Fault: No matching group key
Solution: This scenario most often occurs when Group Key is entered manually into the phone. Use the Group Key Manager to load the keys if at all possible. If not, verify that the key was entered correctly in all phones that share the same group key. Finally, be sure that the phone you are trying to go secure with has the same group key as your phone and is really the phone you think it is. After all, the purpose of Group Key is to prevent going secure with unauthorized phones.

Problem: The phone has Group Keys and goes secure displaying SECURE APK or PROTECTED without <display ID> information.
Fault: No common Group Key and Non-mandatory Group Key use
Solution: Either:
  • One or more Group Keys has the Mandatory Exclusion Flag set to False, or
  • The Display ID field in the key is empty
  Note: Neither of these conditions is necessarily a problem. You should check with your Security Authority if you are unsure how your phone should behave in a given situation. If any Group Key has the Mandatory Flag set to FALSE the phone is not required to use any Group Key.

Problem: The phone has Group Key and cannot go secure with phones that do not have Group Key
Fault: All of the phone’s Mandatory Exclusion Flags are set to TRUE
Solution: Verify with your Security Authority that you are allowed to go secure with phones that do not have Group Key. If allowed, load a Group Key that has a Mandatory Flag set to FALSE.

Table 10.1-7: Troubleshooting - Clear Call Processing

Problem: Unable to place a clear call
Fault: Phone has lost connectivity
Solution: Remove and reapply power to the phone. If this does not correct the problem, consult your Network Administrator.

Problem: Unable to reach off-network phones
Fault: Gateway unreachable
Solution: Either the gateway is down or unreachable. Verify with your Network Administrator that the gateway is operational.

Problem: Unable to reach off-network phones when dialing from the inbound call history
Fault: Off-network dialing
Solution: Often you are required to dial 9 (or some other digit) to seize an off-network line. From the inbound call history, select the number you wish to dial, press View/Edit Dial, scroll to the first digit, and press the special access code (usually 9). Go off-hook to initiate the call.

Table 10.1-8: Troubleshooting - Secure Call Processing

Problem: The APK Key was generated or UnivCert was enabled, but the phone indicates it is not keyed
Fault: APK was zeroized or UnivCert was disabled
Solution: Check the following:
  • Were all User IDs deleted?
  • Did someone activate the Depot Return switch (see Returns on page 115)?
  • Did someone zeroize the APK key?
  • Has the phone been compromised (e.g. case opened)?
  Regenerate the APK key or enable the UnivCert and try again. If the phone still indicates it is not keyed, contact Customer Support (page 115).

Problem: The phone will not go secure with another SCIP compatible phone
Fault:
  • You have incompatible Group Key, or
  • a phone (local or remote) is not keyed, or
  • Secure Voice Min/Max levels are incompatible, or
  • Secure Data Min/Max levels are incompatible, or
  • You may have network problems
Solution:
  • Verify that both phones have compatible Group Key, that both phones have at least one Group Key with the Mandatory Exclusion Flag set to FALSE, or that you are using Group Key.
  • Verify that both phones have generated an APK key or that both phones have enabled the UnivCert.
  • Verify that the Secure Voice Min/Max levels on both phones overlap each other.
  • Verify that the Secure Data Min/Max levels on both phones overlap each other.
  • Try having the phone on the other end initiate secure.

10.2 Customer Support

Before contacting General Dynamics for warranty service for the vIPer Phone, follow all programming and operating steps as prescribed in this guide. For technical questions or Maintenance/Repair service information for the vIPer Phone, contact Customer Support:

Toll Free: (877) 230-0236
Commercial: (410) 850-4893
DSN: 644-1139
Fax: (410) 487-0252
Email: infosecsupport@gdc4s.com

10.3 Returns

Two recessed buttons are located under the base of your vIPer Phone. Do not depress either of these buttons unless instructed to do so by Customer Support.
• The Depot Return switch (DEPOT RTN) removes certain data from the phone that may make it difficult to troubleshoot and renders it cryptographically incapable.
• The Factory Use Only switch (FCTY USE ONLY) holds certain processors in reset. Aside from making the phone temporarily non-operational it has no lasting effect. It should not be actuated by a user.

General Dynamics Customer Support will provide detailed shipping and handling instructions, including assigning the Return Authorization Number to any user whose phone requires service. When you contact Customer Support for shipping authorization, you will be given complete instructions regarding packaging and other safeguards.
Plan on the following minimal guidelines for returning the vIPer Phone:
• Include a description of the fault
• Provide a return shipping address, contact name and phone number
• Zeroize all key material and delete all users

If possible, ship the vIPer Phone in its original shipping container.

10.4 Warranty Terms and Conditions

The vIPer Phone contains no user serviceable components. Any attempt to open the vIPer Phone voids the warranty.

Seller warrants that all of its products sold hereunder will at the time of delivery be free from defects in materials and workmanship and will conform to Seller's applicable specifications or, if appropriate, to specifications accepted by Seller. Therefore, Seller's obligation hereunder shall be limited to, at Seller's option, either correcting, refunding the purchase price of or replacing any product for which written notice of nonconformance hereunder is received by Seller within the two-year warranty time from the date of delivery, provided that such nonconforming product is, with Seller's prior authorization, returned to Seller's plant within 30 days after such written authorization at Buyer's expense. Additional warranties may be purchased.

IN NO EVENT WILL SELLER BE LIABLE FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES.

This warranty shall not apply to any products in other than their original condition, or to any products which Seller determines have, by Buyer or otherwise, been subjected to operating and/or environmental conditions in excess of the maximum values in the applicable specifications or operating instructions, or otherwise have been the subject of misuse, neglect, improper installation, repair, alteration or damage.

THIS WARRANTY EXTENDS TO BUYER ONLY AND NOT TO BUYER'S CUSTOMERS OR USERS OF BUYER'S PRODUCTS AND IS IN LIEU OF ALL OTHER WARRANTIES WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR PARTICULAR PURPOSE.
Servicing of the vIPer Phone is limited to specific trained personnel.

NO USER SERVICEABLE PARTS INSIDE

10.5 Disposal

The vIPer Phone contains materials that are not compliant with European standards for electronic products. These materials include lead-based solder and a lithium ion battery. Consult with local authorities before disposing of the phone. The phone should be disposed of in accordance with local regulations.

11 General Information

11.1 Applicable Standards

The vIPer Phone implements the following standards and protocols including:

11.1.1 Government Standards
  SCIP-210  Secure Communications Interoperability Protocol Signaling Plan
  SCIP-231  Secure Communications Interoperability Protocol ECMQV/AES Cryptography Specification
  MELP      Multiple Excitation Linear Prediction Vocoder specification
  AES       Advanced Encryption Standard
  SHA-1     Secure Hash Algorithm-1

11.1.2 Internet Engineering Task Force (IETF) Standards
(Only the most significant RFCs are listed)
  RFC 768   User Datagram Protocol (UDP)
  RFC 0791  Transmission Control Protocol / Internet Protocol version 4 (TCP/IPv4)
  RFC 2131  Dynamic Host Configuration Protocol (DHCP)
  RFC 2474  Differentiated Services Code Points (DSCP)
  RFC 2833  Real Time Protocol Payload
  RFC 3550  Real-time Transport Protocol (RTP)

11.1.3 International Telephone Union (ITU) Standards
  V.150.1   Modem over IP specification
  G.729     Vocoder specification (annex A and D)
  G.711     Vocoder specification

11.1.4 EIA/TIA Standards
  RS232F    Serial port specification

11.1.5 Other Standards
  USB       Universal Serial Bus Specification (v1.1)
  SCCP      Skinny Client Control Protocol

11.2 Sectéra Product and Sales Information

For other general product and sales information, you may contact Sectéra Product and Sales Information:

Toll Free: 888-897-3148
Commercial: 781-455-2800
Fax: 781-455-5555
Email: infosec@gdc4s.com
Visit the Sectéra Website at: www.gdc4s.com/sectera

11.3 Approvals and Compliance

11.3.1 EMI/EMC

The vIPer Phone complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation.

WARNING: Changes or modifications to the item not expressly approved by General Dynamics could void your authority to operate the equipment.

The vIPer Phone also complies with EN55022 and EN50082-1. This class B digital apparatus applies to Canadian ICES-0003.

11.3.2 Safety Approvals

The vIPer Phone has been tested and found to comply with IEC 60950, 3rd Edition, UL Std 1950, 3rd Edition, CAN/CSA Std C22.2 950, 3rd Edition, ACA, TS001-1997, Safety Requirements for Customer Equipment, and AS/NZS 3260-1993, Safety of Information Technology Equipment Including Electrical Business Equipment, including Amendments A1, A2, A3 and A4.

11.4 Applicable Patents

Manufactured under one or more of the following U.S. patents:
  6,219,420
  5,341,427
  D434,408
  5,995,628
Other patents are pending.

Université de Sherbrooke, France Télécom, Nippon Telegraph and Telephone Corporation own or may own or have licenses to patents or copyrights necessary to comply with the G.729 Standard contained in the equipment or software named herein.

General Dynamics reserves the right to make changes to its products and specifications at any time and without notice.

11.5 Specifications

vIPer Phone

Size
  Width 10 in.
  Depth 3 in. (without footstand)
  Length 9.5 in.
  Weight 4.5 lbs (with footstand)
  Volume 285 cu in.

Red Interfaces
  RS-232 data port
  DS-101 Key Fill
  Headset port
  USB port

Black Interfaces
  10/100BaseT to LAN/WAN
  10/100BaseT to Black Computer
  USB port

Power
  Powered over Ethernet (802.3af)
  -or-
  AC power 110 to 220 VAC, 50-60 Hz
  8 Watts maximum operating

Speech Processing
  Non-secure: G.711, G.729A
  Secure: G.729D, MELP

Environment
  MIL-STD-810F (temperature, humidity, vibration, shock and altitude)
  Operational: 0ºC to +50ºC (32ºF to 122ºF)
  Storage: –30ºC to +80ºC (–22ºF to +176ºF)
  Humidity: 95% (non-condensing)
  Altitude: Sea level up to 40,000 ft (non-operating); Sea level up to 10,000 ft (operating)

VoIP Network Protocol Support
  IPv4 (IPv6 future upgrade)
  Cisco SCCP (Skinny Call Control Protocol)
  DHCP, DSCP, RTP, DNS, TFTP, HTTP, TCP, UDP, MoIP, E.164

Cisco Routers
  V.150.1 enabled Cisco Routers including 3700 and 3800 series

Approvals
  Safety: UL 60950, EN60950, IEC60950
  EMI/EMC: FCC Part 15 subpart B, Class B
  TEMPEST
GENERAL DYNAMICS
8220 East Roosevelt Street
Scottsdale, AZ 85257
Sectéra Product and Sales Information (888) 897-3148 or (781) 455-2800
Maintenance/Repair (877) 230-0236 or (410) 850-4893
www.gdc4s.com/sectera
68-P49752G Rev D
© 2007-2009 General Dynamics. All rights reserved. Sectéra, TalkSECURE and vIPer are trademarks of General Dynamics. All other product and service names are the property of their respective owners. ® Reg. U.S. Pat. & Tm. Off.