
18.1.3.2. Signaling encryption

Figure 371. Signaling encryption

The PEP (Proprietary Encryption Protocol) is based on the Master Encryption Key (MEK). PEP is used to protect signaling for connections between a host system and access points (IPDA and OpenScape 4000 SoftGate).
For all other signaling connections, the TLS (Transport Layer Security) protocol is used (e.g. HFA/SIP phones, IP trunking (H.323/SIP)).
In the case of VoIP signaling paths in a HiPath 4000/OpenScape 4000 network or to partner systems (such as OpenScape Voice), every connection is individually and independently encrypted. TLS/SSL encryption (SIP/H.323/HFA) and AES encryption based on pre-shared secrets (IPDA/DMC) are used for this. End-to-end encryption is based on an unbroken encrypted chain of partial signaling links.
  • SIP/HFA/H.323 connections
      ◦ Signaling is secured by a TLS connection.
  • DMC connections
      ◦ Signaling (H.225) is secured with H.235.1 (authentication and integrity) for the DMC connections. The "shared secret" (key) needed is generated by the OpenScape 4000 for every call and distributed to the DMC endpoints. This means that DMC connections are not encrypted; they are only authenticated.