Table of Contents
Advertisement
Overview of Cisco Cius
Feature
Device authentication
File authentication
File encryption
Signaling Authentication
Manufacturing installed certificate
Media encryption
CAPF (Certificate Authority Proxy
Function)
OL-26938-01
Overview of Supported Security Features
Description
Occurs between the Cisco Unified Communications Manager
server and Cisco Cius when each entity accepts the certificate
of the other entity. Determines whether a secure connection
between Cisco Cius and Cisco Unified Communications
Manager occurs and, if necessary, creates a secure signaling
path between the entities by using TLS protocol. Cisco Unified
Communications Manager will not register Cisco Cius devices
unless Cisco Unified Communications Manager can authenticate
them.
Validates digitally signed files that Cisco Cius downloads.
Cisco Cius validates the signature to make sure that file
tampering did not occur after file creation. Files that fail
authentication are not written to Flash memory on Cisco Cius.
Cisco Cius rejects such files without further processing.
Encryption prevents sensitive information from being revealed
while the file is in transit to Cisco Cius. In addition, Cisco Cius
validates the signature to make sure that file tampering did not
occur after file creation. Files that fail authentication are not
written to Flash memory on the Cius. Cisco Cius rejects such
files without further processing.
Uses the TLS protocol to validate that no tampering has
occurred to signaling packets during transmission.
Each Cisco Cius contains a unique manufacturing-installed
certificate (MIC), which is used for device authentication. The
MIC provides permanent unique proof of identity for the device
and allows Cisco Unified Communications Manager to
authenticate Cisco Cius.
Uses SRTP to ensure that the media streams between supported
devices are secure and that only the intended device receives
and reads the data. Includes creating a media master key pair
for the devices, delivering the keys to the devices, and securing
the delivery of the keys.
Implements parts of the certificate generation procedure that
are too processing-intensive for Cisco Cius, and interacts with
Cisco Cius for key generation and certificate installation. The
CAPF can be configured to request certificates from
customer-specified certificate authorities on behalf of Cisco
Cius, or it can be configured to generate certificates locally.
Cisco Cius Administration Guide, Release 9.2(3)
15
Advertisement
Table of Contents
