AT&T debuts mobile encryption app

AT&T offers new two-factor encryption service for mobile phone users for sensitive-but-unclassified voice communications.

AT&T Co. has launched a new two-factor encryption service for sensitive-but-unclassified mobile voice communications: AT&T Encrypted Mobile Voice.

The solution comes out of the AT&T lab, said Stacey Black, vice president of strategic products for AT&T Business Solutions.

“There are always requests for improving security,” he said. Both government and enterprise are concerned about the interception of calls. Digital communications has its own security, but this adds an additional level of security, which some users find valuable.”

The on-demand service is built on an encryption engine on a chip, TrustChip from KoolSpan Inc., and encryption management software, One Vault Voice from SRA International Inc., and works on BlackBerry and Windows-based smart phones. iPhone users are out of luck — the device lacks an open microSD slot for the TrustChip.

Here’s how it works: When Mary prepares to make a call, the One Vault Voice software asks her if she would like to make an encrypted call. If she says, no, she merely proceeds as usual. If she says, yes, she selects a call recipient, Jason, from her contact list. The phone client application contacts SRA’s One Vault Servers and Mary is automatically logged in.

The server signals Jason’s phone; and the One Vault Voice client on the phone notifies Jason that a secure call is coming in; Jason accepts the call; he, too, is automatically logged in and the encrypted session is established over AT&T’s network as, essentially, an encrypted voice-over-IP call.

Encrypted Mobile Voice has obvious potential for the financial industry, law enforcement and health care, but it also could play a valuable role in other areas, such as disaster recovery. For example, Black said, “your business continuity team could be assured that their conversations after an event of some kind were secure.”

Currently, Encrypted Mobile Voice’s 256-bit voice encryption meets the requirements of FIPS-140-2, for controlled unclassified Information. But no top secret or classified version of AT&T Encrypted Mobile Voice is available. However, Black said, “I think it’s safe to assume that work is going on to get higher levels of security.”

Classified-level encryption for mobile voice would be of great interest to both to the Defense Department and intelligence community, said Warren Suss, president of Suss Consulting Inc. “Secure mobile voice communications in the field is the holy grail for warfighter applications,” he said.

Taking security up a level to classified is trickier than just bumping up encryption levels, however. “What is generally not widely, commonly known,” Black said, is that today’s Type 1, or classified, security applications run over the older technology of circuit-switched lines rather than in the newer VoIP environment.

But with all other communications moving toward IP, “it’s a good presumption that that also will be the direction that Type I communications will take,” he added.

AT&T Encrypted Mobile Voice operates in the more than 190 countries globally where AT&T provides data roaming, Black said.