Specifications
Explorers Nur für den internen Gebrauch
A31003-H3580-M103-2-76A9, 01-2009
7-196 HiPath 3000/5000 V8 - HG 1500 V8, Administrator Documentation
hg-07.fm
Payload
7.7.6 Signaling & Payload Encryption (SPE)
The Signaling & Payload Encryption (SPE) feature is provided on HiPath 3000/5000 from V7
R4 or later. VoIP payload and signaling data flows from and to the gateway and between IP tele-
phones are encrypted. The basis for this feature is an asymmetrical encryption method. Public
and private keys are used with such methods.
It must be ensured that the individual VoIP clients as well as the gateways uniquely identify
themselves in the HiPath system. This is achieved using certificates which contain private and
public keys. The certificates are generated either by a customer PKI certification authority (RA/
CA), by the internal certification authority of the DLS server (CA) or using the LW-CA of the
HG 1500. The DLS server then sends the files containing the certificates to the DLS client of
the gateway.
Depending on the customer’s requirements, security settings can be activated or deactivated
for certificate evaluation and data stream encryption. This increases or decreases the encryp-
tion security.
WBM path:
WBM > Explorers > Payload > Signaling and Payload Encryption (SPE)
Signaling and Payload Encryption (SPE) is displayed as an expandable folder. Double-clicking
Signaling and Payload Encryption (SPE) displays the following entries in the tree structure:
> SPE Certificate
> SPE CA Certificate(s)
Context menu:
Right-click Signaling and Payload Encryption (SPE) to display a menu containing the following
entries.
> View Security Settings
> Edit Security Configuration
Background information:
See Section 9.6.2, "Certificates"